[PATCH] drm/fb-helper: Fix potential NULL pointer dereference

[PATCH] drm/fb-helper: Fix potential NULL pointer dereference

[Gustavo A. R. Silva]

fb_helper is being dereferenced before it is null checked,
hence there is a potential null pointer dereference.

Fix this by moving the pointer dereference after fb_helper
has been null checked.

This issue was detected with the help of Coccinelle.

Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
 drivers/gpu/drm/drm_fb_helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 6654f2f..04a3a5c 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -178,7 +178,7 @@ EXPORT_SYMBOL(drm_fb_helper_add_one_connector);
  */
 int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
 {
-	struct drm_device *dev = fb_helper->dev;
+	struct drm_device *dev;
 	struct drm_connector *connector;
 	struct drm_connector_list_iter conn_iter;
 	int i, ret = 0;
@@ -186,6 +186,8 @@ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
 	if (!drm_fbdev_emulation || !fb_helper)
 		return 0;
 
+	dev = fb_helper->dev;
+
 	mutex_lock(&fb_helper->lock);
 	drm_connector_list_iter_begin(dev, &conn_iter);
 	drm_for_each_connector_iter(connector, &conn_iter) {
-- 
2.7.4

Re: [PATCH] drm/fb-helper: Fix potential NULL pointer dereference

[Daniel Vetter]

On Tue, Dec 05, 2017 at 11:46:28AM -0600, Gustavo A. R. Silva wrote:
> fb_helper is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
> 
> Fix this by moving the pointer dereference after fb_helper
> has been null checked.
> 
> This issue was detected with the help of Coccinelle.
> 
> Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>

Oops. Applied to drm-misc-next, thanks for your patch.
-Daniel

> ---
>  drivers/gpu/drm/drm_fb_helper.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 6654f2f..04a3a5c 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -178,7 +178,7 @@ EXPORT_SYMBOL(drm_fb_helper_add_one_connector);
>   */
>  int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
>  {
> -	struct drm_device *dev = fb_helper->dev;
> +	struct drm_device *dev;
>  	struct drm_connector *connector;
>  	struct drm_connector_list_iter conn_iter;
>  	int i, ret = 0;
> @@ -186,6 +186,8 @@ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
>  	if (!drm_fbdev_emulation || !fb_helper)
>  		return 0;
>  
> +	dev = fb_helper->dev;
> +
>  	mutex_lock(&fb_helper->lock);
>  	drm_connector_list_iter_begin(dev, &conn_iter);
>  	drm_for_each_connector_iter(connector, &conn_iter) {
> -- 
> 2.7.4
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Re: [PATCH] drm/fb-helper: Fix potential NULL pointer dereference

[Gustavo A. R. Silva]

Quoting Daniel Vetter <daniel@ffwll.ch>:

> On Tue, Dec 05, 2017 at 11:46:28AM -0600, Gustavo A. R. Silva wrote:
>> fb_helper is being dereferenced before it is null checked,
>> hence there is a potential null pointer dereference.
>>
>> Fix this by moving the pointer dereference after fb_helper
>> has been null checked.
>>
>> This issue was detected with the help of Coccinelle.
>>
>> Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
>> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
>
> Oops. Applied to drm-misc-next, thanks for your patch.
> -Daniel
>

Glad to help. :)

Thanks
--
Gustavo A. R. Silva