From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
Subject: [PATCH] drm/vmwgfx_kms: Fix potential NULL pointer dereference
Date: Mon, 4 Dec 2017 15:54:18 -0600
Message-ID: <20171204215418.GA23874@embeddedor.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
To: VMware Graphics <linux-graphics-maintainer@vmware.com>, Sinclair Yeh <syeh@vmware.com>, Thomas Hellstrom <thellstrom@vmware.com>, David Airlie <airlied@linux.ie>
Cc: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" <garsilva@embeddedor.com>
List-Id: dri-devel@lists.freedesktop.org

crtc_state is being null checked in a previous code block, which implies
that such pointer might be null.

crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
there is a potential null pointer dereference.

Fix this by warning-on and returning -EINVAL in case crtc_state is null.

Addresses-Coverity-ID: 1462412 ("Dereference after null check")
Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into drm_atomic_helper.c")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index a2a93d7..72c3b290 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane *plane,
 		clip.y2 = crtc_state->adjusted_mode.vdisplay;
 	}
 
+	if (WARN_ON(!crtc_state))
+		return -EINVAL;
+
 	ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip,
 						  DRM_PLANE_HELPER_NO_SCALING,
 						  DRM_PLANE_HELPER_NO_SCALING,
-- 
2.7.4