drm/ast: potential dereference of null pointer

Message ID	20211213053912.2167066-1-jiasheng@iscas.ac.cn (mailing list archive)
State	New, archived
Headers	show Return-Path: <dri-devel-bounces@lists.freedesktop.org> From: Jiasheng Jiang <jiasheng@iscas.ac.cn> To: airlied@redhat.com, tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch Subject: [PATCH] drm/ast: potential dereference of null pointer Date: Mon, 13 Dec 2021 13:39:12 +0800 Message-Id: <20211213053912.2167066-1-jiasheng@iscas.ac.cn> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Jiasheng Jiang <jiasheng@iscas.ac.cn>, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
Series	drm/ast: potential dereference of null pointer \| expand drm/ast: potential dereference of null pointer

Message ID

20211213053912.2167066-1-jiasheng@iscas.ac.cn (mailing list archive)

State

New, archived

Headers

From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
To: airlied@redhat.com, tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch
Subject: [PATCH] drm/ast: potential dereference of null pointer
Date: Mon, 13 Dec 2021 13:39:12 +0800
Message-Id: <20211213053912.2167066-1-jiasheng@iscas.ac.cn>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Cc: Jiasheng Jiang <jiasheng@iscas.ac.cn>, linux-kernel@vger.kernel.org,
 dri-devel@lists.freedesktop.org
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Series

drm/ast: potential dereference of null pointer | expand

Commit Message

Jiasheng Jiang Dec. 13, 2021, 5:39 a.m. UTC

he return value of kzalloc() needs to be checked.
To avoid use of null pointer '&ast_state->base' in case of the
failure of alloc.

Fixes: f0adbc382b8b ("drm/ast: Allocate initial CRTC state of the correct size")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
 drivers/gpu/drm/ast/ast_mode.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Thomas Zimmermann Dec. 13, 2021, 9:59 a.m. UTC | #1

Hi,

thanks for the patch.

Am 13.12.21 um 06:39 schrieb Jiasheng Jiang:
> he return value of kzalloc() needs to be checked.

'The'

> To avoid use of null pointer '&ast_state->base' in case of the
> failure of alloc.
> 
> Fixes: f0adbc382b8b ("drm/ast: Allocate initial CRTC state of the correct size")
> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> ---
>   drivers/gpu/drm/ast/ast_mode.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
> index 36d9575aa27b..67f8e3f90ea2 100644
> --- a/drivers/gpu/drm/ast/ast_mode.c
> +++ b/drivers/gpu/drm/ast/ast_mode.c
> @@ -1120,7 +1120,8 @@ static void ast_crtc_reset(struct drm_crtc *crtc)
>   	if (crtc->state)
>   		crtc->funcs->atomic_destroy_state(crtc, crtc->state);
>   
> -	__drm_atomic_helper_crtc_reset(crtc, &ast_state->base);
> +	if (ast_state)
> +		__drm_atomic_helper_crtc_reset(crtc, &ast_state->base);

If ast_state is NULL, __drm_atomic_helper_crtc_reset() has to be called 
with a state of NULL. Otherwise the reset might leave the dangling 
pointer in the CRTC's state field.

Best regards
Thomas

>   }
>   
>   static struct drm_crtc_state *
>

diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
index 36d9575aa27b..67f8e3f90ea2 100644
--- a/drivers/gpu/drm/ast/ast_mode.c
+++ b/drivers/gpu/drm/ast/ast_mode.c
@@ -1120,7 +1120,8 @@  static void ast_crtc_reset(struct drm_crtc *crtc)
 	if (crtc->state)
 		crtc->funcs->atomic_destroy_state(crtc, crtc->state);
 
-	__drm_atomic_helper_crtc_reset(crtc, &ast_state->base);
+	if (ast_state)
+		__drm_atomic_helper_crtc_reset(crtc, &ast_state->base);
 }
 
 static struct drm_crtc_state *

drm/ast: potential dereference of null pointer

Commit Message

Comments

Patch