Message ID | 20171205174628.GA31189@embeddedor.com (mailing list archive) |
---|---|
State | New, archived |
On Tue, Dec 05, 2017 at 11:46:28AM -0600, Gustavo A. R. Silva wrote:
> fb_helper is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after fb_helper
> has been null checked.
>
> This issue was detected with the help of Coccinelle.
>
> Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>

Oops. Applied to drm-misc-next, thanks for your patch.
-Daniel

> --- > drivers/gpu/drm/drm_fb_helper.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c > index 6654f2f..04a3a5c 100644 > --- a/drivers/gpu/drm/drm_fb_helper.c > +++ b/drivers/gpu/drm/drm_fb_helper.c > @@ -178,7 +178,7 @@ EXPORT_SYMBOL(drm_fb_helper_add_one_connector); > */ > int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper) > { > - struct drm_device *dev = fb_helper->dev; > + struct drm_device *dev; > struct drm_connector *connector; > struct drm_connector_list_iter conn_iter; > int i, ret = 0; > @@ -186,6 +186,8 @@ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper) > if (!drm_fbdev_emulation || !fb_helper) > return 0; > > + dev = fb_helper->dev; > + > mutex_lock(&fb_helper->lock); > drm_connector_list_iter_begin(dev, &conn_iter); > drm_for_each_connector_iter(connector, &conn_iter) { > -- > 2.7.4
Quoting Daniel Vetter <daniel@ffwll.ch>:

> On Tue, Dec 05, 2017 at 11:46:28AM -0600, Gustavo A. R. Silva wrote:
>> fb_helper is being dereferenced before it is null checked,
>> hence there is a potential null pointer dereference.
>>
>> Fix this by moving the pointer dereference after fb_helper
>> has been null checked.
>>
>> This issue was detected with the help of Coccinelle.
>>
>> Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
>> Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
>
> Oops. Applied to drm-misc-next, thanks for your patch.
> -Daniel
>

Glad to help. :)

Thanks
--
Gustavo A. R. Silva
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 6654f2f..04a3a5c 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -178,7 +178,7 @@ EXPORT_SYMBOL(drm_fb_helper_add_one_connector); */ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper) { - struct drm_device *dev = fb_helper->dev; + struct drm_device *dev; struct drm_connector *connector; struct drm_connector_list_iter conn_iter; int i, ret = 0; @@ -186,6 +186,8 @@ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper) if (!drm_fbdev_emulation || !fb_helper) return 0; + dev = fb_helper->dev; + mutex_lock(&fb_helper->lock); drm_connector_list_iter_begin(dev, &conn_iter); drm_for_each_connector_iter(connector, &conn_iter) {
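Review bot: in the first hunk (@@ -178,7) `struct drm_device *dev;` is now left without an initializer, and the only use visible in this patch is `drm_connector_list_iter_begin(dev, &conn_iter)`. If nothing further down the function needs `dev`, passing `fb_helper->dev` directly to that call would drop the local and avoid keeping an unassigned pointer in scope above the guard.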
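Review bot: in the second hunk (@@ -186,6) the guard `if (!drm_fbdev_emulation || !fb_helper) return 0;` above the new `dev = fb_helper->dev;` reports a NULL fb_helper with the same 0 that `ret = 0` yields on success, so a caller cannot tell the two apart. If accepting and ignoring NULL is the intended contract, a sentence saying so in the comment block that closes just above the function would make it harder for a later change to move a dereference back in front of the check.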
fb_helper is being dereferenced before it is null checked,
hence there is a potential null pointer dereference.

Fix this by moving the pointer dereference after fb_helper
has been null checked.

This issue was detected with the help of Coccinelle.

Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
---
 drivers/gpu/drm/drm_fb_helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)