* [PATCH V2] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
From: AlexChen @ 2020-11-02 4:39 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Trivial, qemu-arm, QEMU, zhang.zhanghailiang
In exynos4210_fimd_update(), the pointer s is dereferinced before
being check if it is valid, which may lead to NULL pointer dereference.
So move the assignment to global_width after checking that the s is valid.
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
---
hw/display/exynos4210_fimd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index 4c16e1f5a0..34a960a976 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -1275,12 +1275,14 @@ static void exynos4210_fimd_update(void *opaque)
bool blend = false;
uint8_t *host_fb_addr;
bool is_dirty = false;
- const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
+ int global_width;
if (!s || !s->console || !s->enabled ||
surface_bits_per_pixel(qemu_console_surface(s->console)) == 0) {
return;
}
+
+ global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
exynos4210_update_resolution(s);
surface = qemu_console_surface(s->console);
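Review bot: the commit message does not say whether `s` can actually be NULL on this path, and the `!s` test in `if (!s || !s->console || !s->enabled || ...)` is the only evidence in the hunk that it can. `s` is presumably derived from the `opaque` argument shown in the `@@` header (that assignment is outside the hunk); if the update callback is always registered with a valid state pointer, the `!s` test is dead code and the smaller fix is to drop it and keep the original `const` initializer. If NULL is reachable, the commit message should name the caller that can pass it. Moving the `global_width` assignment below the guard is safe either way, since nothing between the declaration and the early `return` reads it.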
--
2.19.1
* Re: [PATCH V2] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
From: Philippe Mathieu-Daudé @ 2020-11-02 9:16 UTC (permalink / raw)
To: AlexChen, Peter Maydell; +Cc: QEMU Trivial, qemu-arm, QEMU, zhang.zhanghailiang
On 11/2/20 5:39 AM, AlexChen wrote:
> In exynos4210_fimd_update(), the pointer s is dereferinced before
Typo dereferinced -> dereferenced.
> being check if it is valid, which may lead to NULL pointer dereference.
> So move the assignment to global_width after checking that the s is valid.
Easier to read "after checking 's' is valid."
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Alex Chen <alex.chen@huawei.com>
> ---
> hw/display/exynos4210_fimd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Re: [PATCH V2] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
From: AlexChen @ 2020-11-02 10:10 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: QEMU Trivial, Peter Maydell, qemu-arm, QEMU, zhang.zhanghailiang
On 2020/11/2 17:16, Philippe Mathieu-Daudé wrote:
> On 11/2/20 5:39 AM, AlexChen wrote:
>> In exynos4210_fimd_update(), the pointer s is dereferinced before
>
> Typo dereferinced -> dereferenced.
>
>> being check if it is valid, which may lead to NULL pointer dereference.
>> So move the assignment to global_width after checking that the s is valid.
>
> Easier to read "after checking 's' is valid."
>
>>
>> Reported-by: Euler Robot <euler.robot@huawei.com>
>> Signed-off-by: Alex Chen <alex.chen@huawei.com>
>> ---
>> hw/display/exynos4210_fimd.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>
Thanks for your review, I will fix it in my patch V3.
Thanks,
Alex
* [PATCH V3] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
From: AlexChen @ 2020-11-02 10:13 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: QEMU Trivial, Peter Maydell, qemu-arm, QEMU, zhang.zhanghailiang
In exynos4210_fimd_update(), the pointer 's' is dereferenced before
checking it is valid, which may lead to NULL pointer dereference.
So move the assignment to global_width after checking 's' is valid.
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/display/exynos4210_fimd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index 4c16e1f5a0..34a960a976 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -1275,12 +1275,14 @@ static void exynos4210_fimd_update(void *opaque)
bool blend = false;
uint8_t *host_fb_addr;
bool is_dirty = false;
- const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
+ int global_width;
if (!s || !s->console || !s->enabled ||
surface_bits_per_pixel(qemu_console_surface(s->console)) == 0) {
return;
}
+
+ global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
exynos4210_update_resolution(s);
surface = qemu_console_surface(s->console);
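Review bot: `int global_width;` drops the `const` that the removed line carried, so the compiler will no longer reject an accidental later write to it in the rest of exynos4210_fimd_update(). The variable is also indeterminate between its declaration and the new assignment after the guard; with the lines shown that is harmless, because the early `return` does not read it, but the assignment should stay the first statement after the `if` block, as it is here, so that no use can be inserted ahead of it. The `index 4c16e1f5a0..34a960a976` line matches the earlier posting, so the code is unchanged and only the commit message wording differs.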
--
2.19.1
* Re: [PATCH V3] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
From: Peter Maydell @ 2020-11-02 12:02 UTC (permalink / raw)
To: AlexChen
Cc: QEMU Trivial, qemu-arm, Philippe Mathieu-Daudé, QEMU,
zhanghailiang
On Mon, 2 Nov 2020 at 10:13, AlexChen <alex.chen@huawei.com> wrote:
>
> In exynos4210_fimd_update(), the pointer 's' is dereferenced before
> checking it is valid, which may lead to NULL pointer dereference.
> So move the assignment to global_width after checking 's' is valid.
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Alex Chen <alex.chen@huawei.com>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/display/exynos4210_fimd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Applied to target-arm.next, thanks.
-- PMM