1. Patchew
  2. linux
  3. View series

[PATCH] gpu-drm-tiny-cirrus: Add NULL check of pointer pipe->plane.state->fb in cirrus_pipe_update()

Alexander Sapozhnikov posted 1 patch 2 years, 6 months ago 
drivers/gpu/drm/tiny/cirrus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] gpu-drm-tiny-cirrus: Add NULL check of pointer pipe->plane.state->fb in cirrus_pipe_update()
Posted by Alexander Sapozhnikov 2 years, 6 months ago 
From: Alexandr Sapozhnikov <alsp705@gmail.com>

After having been compared to NULL value at cirrus.c:455, pointer 'pipe->plane.state->fb' is passed as
1st parameter in call to function 'cirrus_fb_blit_rect' at cirrus.c:461, where it is dereferenced at cirrus.c:316.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Alexandr Sapozhnikov <alsp705@gmail.com>
---
 drivers/gpu/drm/tiny/cirrus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/tiny/cirrus.c b/drivers/gpu/drm/tiny/cirrus.c
index 678c2ef..ffa7e61 100644
--- a/drivers/gpu/drm/tiny/cirrus.c
+++ b/drivers/gpu/drm/tiny/cirrus.c
@@ -455,7 +455,7 @@ static void cirrus_pipe_update(struct drm_simple_display_pipe *pipe,
 	if (state->fb && cirrus->cpp != cirrus_cpp(state->fb))
 		cirrus_mode_set(cirrus, &crtc->mode, state->fb);
 
-	if (drm_atomic_helper_damage_merged(old_state, state, &rect))
+	if (state->fb && drm_atomic_helper_damage_merged(old_state, state, &rect))
 		cirrus_fb_blit_rect(state->fb, &shadow_plane_state->data[0], &rect);
 }
 
-- 
2.5.3
Re: [PATCH] gpu-drm-tiny-cirrus: Add NULL check of pointer pipe->plane.state->fb in cirrus_pipe_update()
Posted by Thomas Zimmermann 2 years, 6 months ago 
Hi

Am 15.02.23 um 18:15 schrieb Alexander Sapozhnikov:
> From: Alexandr Sapozhnikov <alsp705@gmail.com>
> 
> After having been compared to NULL value at cirrus.c:455, pointer 'pipe->plane.state->fb' is passed as
> 1st parameter in call to function 'cirrus_fb_blit_rect' at cirrus.c:461, where it is dereferenced at cirrus.c:316.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Alexandr Sapozhnikov <alsp705@gmail.com>

Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>

I'll add you patch to drm-misc-fixes.

Best regards
Thomas

> ---
>   drivers/gpu/drm/tiny/cirrus.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/tiny/cirrus.c b/drivers/gpu/drm/tiny/cirrus.c
> index 678c2ef..ffa7e61 100644
> --- a/drivers/gpu/drm/tiny/cirrus.c
> +++ b/drivers/gpu/drm/tiny/cirrus.c
> @@ -455,7 +455,7 @@ static void cirrus_pipe_update(struct drm_simple_display_pipe *pipe,
>   	if (state->fb && cirrus->cpp != cirrus_cpp(state->fb))
>   		cirrus_mode_set(cirrus, &crtc->mode, state->fb);
>   
> -	if (drm_atomic_helper_damage_merged(old_state, state, &rect))
> +	if (state->fb && drm_atomic_helper_damage_merged(old_state, state, &rect))
>   		cirrus_fb_blit_rect(state->fb, &shadow_plane_state->data[0], &rect);
>   }
>   

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.