From mboxrd@z Thu Jan 1 00:00:00 1970
From: bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ@public.gmane.org
Subject: [Bug 38196] New: Null pointer dereference in
nouveau_gpuobj_channel_takedown
Date: Sat, 11 Jun 2011 18:11:41 -0700 (PDT)
Message-ID:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: nouveau-bounces+gcfxn-nouveau=m.gmane.org-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Errors-To: nouveau-bounces+gcfxn-nouveau=m.gmane.org-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
List-Id: nouveau.vger.kernel.org
https://bugs.freedesktop.org/show_bug.cgi?id=38196
Summary: Null pointer dereference in
nouveau_gpuobj_channel_takedown
Product: Mesa
Version: git
Platform: x86-64 (AMD64)
OS/Version: Linux (All)
Status: NEW
Severity: critical
Priority: medium
Component: Drivers/DRI/nouveau
AssignedTo: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
ReportedBy: rjgleits-Bdlq13kUjeyLZ21kGMrzwg@public.gmane.org
The code for this procedure includes (line 878) assignment to a pointer of type
struct nv50_display_crtc. However nv50_display(dev) is null for earlier cards
(e.g., nv40). This causes a kernel oops if for example a program using mesa is
terminated.
I tried skipping the loop containing this line if nv50_display(dev) is null and
this worked on my 6800 Ultra.
Best Wishes,
Bob Gleitsmann
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.