drm/i915: fix NULL deref in the load detect code

Message ID 1392392154-3479-1-git-send-email-daniel.vetter@ffwll.ch (mailing list archive)
State New, archived

Commit Message

Daniel Vetter Feb. 14, 2014, 3:35 p.m. UTC
Looks like I've missed one of the potential NULL deref bugs in Jesse's
fbdev->fb embedded struct to pointer conversions. Fix it up.

This regression has been introduced in

commit 8bcd45534ddf68ab71aeed709dacd9cf65dc0f75
Author: Jesse Barnes <jbarnes@virtuousgeek.org>
Date:   Fri Feb 7 12:10:38 2014 -0800

    drm/i915: alloc intel_fb in the intel_fbdev struct

Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---
 drivers/gpu/drm/i915/intel_display.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Jesse Barnes Feb. 14, 2014, 4:11 p.m. UTC | #1
On Fri, 14 Feb 2014 16:35:54 +0100
Daniel Vetter <daniel.vetter@ffwll.ch> wrote:

> Looks like I've missed one of the potential NULL deref bugs in Jesse's
> fbdev->fb embedded struct to pointer conversions. Fix it up.
> 
> This regression has been introduced in
> 
> commit 8bcd45534ddf68ab71aeed709dacd9cf65dc0f75
> Author: Jesse Barnes <jbarnes@virtuousgeek.org>
> Date:   Fri Feb 7 12:10:38 2014 -0800
> 
>     drm/i915: alloc intel_fb in the intel_fbdev struct
> 
> Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> ---
>  drivers/gpu/drm/i915/intel_display.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
> index 0d3f2a5f4d2d..f19e6ea36dc4 100644
> --- a/drivers/gpu/drm/i915/intel_display.c
> +++ b/drivers/gpu/drm/i915/intel_display.c
> @@ -7754,13 +7754,15 @@ mode_fits_in_fbdev(struct drm_device *dev,
>  	struct drm_i915_gem_object *obj;
>  	struct drm_framebuffer *fb;
>  
> -	if (dev_priv->fbdev == NULL)
> +	if (!dev_priv->fbdev)
>  		return NULL;
>  
> -	obj = dev_priv->fbdev->fb->obj;
> -	if (obj == NULL)
> +	if (!dev_priv->fbdev->fb)
>  		return NULL;
>  
> +	obj = dev_priv->fbdev->fb->obj;
> +	BUG_ON(!obj);
> +
>  	fb = &dev_priv->fbdev->fb->base;
>  	if (fb->pitches[0] < intel_framebuffer_pitch_for_width(mode->hdisplay,
>  							       fb->bits_per_pixel))
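
Review bot: the `BUG_ON(!obj)` added after `obj = dev_priv->fbdev->fb->obj;` turns a case the old code handled by returning NULL into a kernel panic. mode_fits_in_fbdev() already returns NULL when there is no usable fbdev framebuffer, so the caller has a fallback path; `if (WARN_ON(!obj)) return NULL;` would still flag the broken invariant without taking the machine down.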

ah yep, good catch.

Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>

Patch

diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index 0d3f2a5f4d2d..f19e6ea36dc4 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -7754,13 +7754,15 @@  mode_fits_in_fbdev(struct drm_device *dev,
 	struct drm_i915_gem_object *obj;
 	struct drm_framebuffer *fb;
 
-	if (dev_priv->fbdev == NULL)
+	if (!dev_priv->fbdev)
 		return NULL;
 
-	obj = dev_priv->fbdev->fb->obj;
-	if (obj == NULL)
+	if (!dev_priv->fbdev->fb)
 		return NULL;
 
+	obj = dev_priv->fbdev->fb->obj;
+	BUG_ON(!obj);
+
 	fb = &dev_priv->fbdev->fb->base;
 	if (fb->pitches[0] < intel_framebuffer_pitch_for_width(mode->hdisplay,
 							       fb->bits_per_pixel))
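
Review bot: the first check's change from `dev_priv->fbdev == NULL` to `!dev_priv->fbdev` is a style-only edit unrelated to the NULL deref being fixed. For a regression fix it would be cleaner to leave that line alone so the diff contains only the new `!dev_priv->fbdev->fb` check and the moved `obj` assignment. Separately, `dev_priv->fbdev->fb` is now spelled out three times in this function; a local pointer assigned after the fbdev check would make the NULL test and the later uses visibly refer to the same object.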