From: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
To: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
Cc: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>,
David Airlie <airlied@linux.ie>,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] drm/gma500: Fix potential NULL pointer dereference
Date: Tue, 26 Jun 2018 16:28:54 +0300 [thread overview]
Message-ID: <20180626132854.GZ20518@intel.com> (raw)
In-Reply-To: <20180625121844.GA12466@embeddedor.com>
On Mon, Jun 25, 2018 at 07:18:44AM -0500, Gustavo A. R. Silva wrote:
> fb is being dereferenced before it is null checked, hence there
> is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after fb has been
> properly null checked at line 74: if (!fb)
I don't remember if set_base w/ fb==NULL is even legal. But as long as
the check is there this seems sane. Pushed to drm-misc-next. Thanks for
the patch.
>
> Addresses-Coverity-ID: 1470169 ("Dereference before null check")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
> drivers/gpu/drm/gma500/gma_display.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/gma500/gma_display.c b/drivers/gpu/drm/gma500/gma_display.c
> index c8f071c..f767579 100644
> --- a/drivers/gpu/drm/gma500/gma_display.c
> +++ b/drivers/gpu/drm/gma500/gma_display.c
> @@ -60,7 +60,7 @@ int gma_pipe_set_base(struct drm_crtc *crtc, int x, int y,
> struct drm_psb_private *dev_priv = dev->dev_private;
> struct gma_crtc *gma_crtc = to_gma_crtc(crtc);
> struct drm_framebuffer *fb = crtc->primary->fb;
> - struct gtt_range *gtt = to_gtt_range(fb->obj[0]);
> + struct gtt_range *gtt;
> int pipe = gma_crtc->pipe;
> const struct psb_offset *map = &dev_priv->regmap[pipe];
> unsigned long start, offset;
> @@ -76,6 +76,8 @@ int gma_pipe_set_base(struct drm_crtc *crtc, int x, int y,
> goto gma_pipe_cleaner;
> }
>
> + gtt = to_gtt_range(fb->obj[0]);
> +
> /* We are displaying this buffer, make sure it is actually loaded
> into the GTT */
> ret = psb_gtt_pin(gtt);
> --
> 2.7.4
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Ville Syrjälä
Intel
prev parent reply other threads:[~2018-06-26 13:29 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-25 12:18 [PATCH] drm/gma500: Fix potential NULL pointer dereference Gustavo A. R. Silva
2018-06-26 13:28 ` Ville Syrjälä [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180626132854.GZ20518@intel.com \
--to=ville.syrjala@linux.intel.com \
--cc=airlied@linux.ie \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavo@embeddedor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=patrik.r.jakobsson@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox