Message ID | 20241112132005.469357-1-colin.i.king@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm/msm/a5xx: Fix dereference of pointer pdev before null check on pdev | expand |
On 11/12/24 14:20, Colin Ian King wrote: > The pointer config is dereferencing pointer pdev before pdev is null > checked, this could lead to a potential null pointer dereference on pdev. > Fix this by only assinging config after pdev has been null checked. > > Fixes: 736a93273656 ("drm/msm/a5xx: really check for A510 in a5xx_gpu_init") > Signed-off-by: Colin Ian King <colin.i.king@gmail.com> > --- I'd rather drop this check, the only call chain is rather safe here Konrad
diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c index ee89db72e36e..e83081346059 100644 --- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c +++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c @@ -1753,7 +1753,7 @@ struct msm_gpu *a5xx_gpu_init(struct drm_device *dev) { struct msm_drm_private *priv = dev->dev_private; struct platform_device *pdev = priv->gpu_pdev; - struct adreno_platform_config *config = pdev->dev.platform_data; + struct adreno_platform_config *config; struct a5xx_gpu *a5xx_gpu = NULL; struct adreno_gpu *adreno_gpu; struct msm_gpu *gpu; @@ -1764,6 +1764,7 @@ struct msm_gpu *a5xx_gpu_init(struct drm_device *dev) DRM_DEV_ERROR(dev->dev, "No A5XX device is defined\n"); return ERR_PTR(-ENXIO); } + config = pdev->dev.platform_data; a5xx_gpu = kzalloc(sizeof(*a5xx_gpu), GFP_KERNEL); if (!a5xx_gpu)
The pointer config is dereferencing pointer pdev before pdev is null checked, this could lead to a potential null pointer dereference on pdev. Fix this by only assinging config after pdev has been null checked. Fixes: 736a93273656 ("drm/msm/a5xx: really check for A510 in a5xx_gpu_init") Signed-off-by: Colin Ian King <colin.i.king@gmail.com> --- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)