Message ID | 20231116065159.37876-1-shum.sdl@nppct.ru (mailing list archive) |
---|---|
State | New, archived |
Series | tvnv17.c: Adding a NULL pointer check. |
> Subject: tvnv17.c: Adding a NULL pointer check.

As

$ git log --oneline drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
874ee2d67fc9 drm/nouveau: Remove unnecessary include statements for drm_crtc_helper.h
80ed86d4b6d7 drm/connector: Rename drm_mode_create_tv_properties
1fd4a5a36f9f drm/connector: Rename legacy TV property
09838c4efe9a drm/nouveau/kms: Search for encoders' connectors properly
2574c809d7c0 drm/nouveau/kms/nv04-nv4x: Use match_string() helper to simplify the code
...

shows, a better prefix should be drm/nouveau: and there should not be a dot at the end.

e.g.
drm/nouveau: Avoid NPE in nv17_tv_get_XX_modes()

On 16.11.2023 09:51, Andrey Shumilin wrote:
> It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL.

I would suggest to add a little bit more details:

drm_mode_duplicate() may return NULL in case of error, e.g. if memory allocation fails. It leads to NULL pointer dereference in nv17_tv_get_ld_modes() and nv17_tv_get_hd_modes(), since they do not check if drm_mode_duplicate() succeeds.

Otherwise, looks good.

Reviewed-by: Alexey Khoroshilov <khoroshilov@ispras.ru>

> > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru> > --- > drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > index 670c9739e5e1..1f0c5f4a5fd2 100644 > --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder, > struct drm_display_mode *mode; > > mode = drm_mode_duplicate(encoder->dev, tv_mode); > - > + if (mode == NULL) > + continue; > mode->clock = tv_norm->tv_enc_mode.vrefresh * > mode->htotal / 1000 * > mode->vtotal / 1000; 
> @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder, > if (modes[i].hdisplay == output_mode->hdisplay && > modes[i].vdisplay == output_mode->vdisplay) { > mode = drm_mode_duplicate(encoder->dev, output_mode); > + if (mode == NULL) > + continue; > mode->type |= DRM_MODE_TYPE_PREFERRED; > > } else { >
diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c index 670c9739e5e1..1f0c5f4a5fd2 100644 --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder, struct drm_display_mode *mode; mode = drm_mode_duplicate(encoder->dev, tv_mode); - + if (mode == NULL) + continue; mode->clock = tv_norm->tv_enc_mode.vrefresh * mode->htotal / 1000 * mode->vtotal / 1000; @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder, if (modes[i].hdisplay == output_mode->hdisplay && modes[i].vdisplay == output_mode->vdisplay) { mode = drm_mode_duplicate(encoder->dev, output_mode); + if (mode == NULL) + continue; mode->type |= DRM_MODE_TYPE_PREFERRED; } else {
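Review bot: In the nv17_tv_get_ld_modes() hunk (@@ -209,7 +209,8 @@) the added check takes the place of the blank line that followed the drm_mode_duplicate() call, so "continue;" now runs straight into the mode->clock computation. Keep a blank line after the check, and write the test as "if (!mode)", the form kernel coding style prefers over a comparison with NULL. The continue also skips the mode with no indication to the caller, so the commit message should say that silently dropping the mode on a failed duplication is the intended handling.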
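Review bot: The check in the nv17_tv_get_hd_modes() hunk (@@ -258,6 +259,8 @@) guards only the branch that calls drm_mode_duplicate(); the "} else {" branch is cut off by the hunk context, so the patch does not show whether the value it assigns to mode can also be NULL. Confirm that before merging and add the same guard in that branch if it can, otherwise the code after the if/else still dereferences an unchecked pointer. As in the first hunk, "if (!mode)" is the preferred spelling.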
It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru>
---
 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)