[PATCH] drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes

Ma Ke posted 1 patch 1 year, 5 months ago
drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 4 ++++
1 file changed, 4 insertions(+)
[PATCH] drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
Posted by Ma Ke 1 year, 5 months ago
In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is
assigned to mode, which will lead to a possible NULL pointer dereference
on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().
Add a check to avoid null pointer dereference.

Cc: stable@vger.kernel.org
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
index 670c9739e5e1..9c3dc9a5bb46 100644
--- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
+++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
@@ -258,6 +258,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder,
 		if (modes[i].hdisplay == output_mode->hdisplay &&
 		    modes[i].vdisplay == output_mode->vdisplay) {
 			mode = drm_mode_duplicate(encoder->dev, output_mode);
+			if (!mode)
+				continue;
 			mode->type |= DRM_MODE_TYPE_PREFERRED;
 
 		} else {
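Review bot: the new `if (!mode) continue;` after drm_mode_duplicate() drops the entry without any trace, so when the allocation fails the mode that would have been marked DRM_MODE_TYPE_PREFERRED is simply missing from the result and nothing records why. Consider a debug message at that point, or a sentence in the commit message saying that skipping the entry, rather than leaving the function, is the intended behaviour on allocation failure.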
@@ -265,6 +267,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder,
 					    modes[i].vdisplay, 60, false,
 					    (output_mode->flags &
 					     DRM_MODE_FLAG_INTERLACE), false);
+			if (!mode)
+				continue;
 		}
 
 		/* CVT modes are sometimes unsuitable... */
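Review bot: in the else branch nothing between the drm_cvt_mode() call and the closing brace touches mode, so this check guards a dereference further down that the hunk does not show. The first branch needs its own check because `mode->type |= DRM_MODE_TYPE_PREFERRED` follows immediately. The commit message could state where the drm_cvt_mode() result is first used, and since the patch is Cc'd to stable, a Fixes: tag naming the commit that introduced the unchecked calls would make the backport range clear.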
-- 
2.25.1
Re: [PATCH] drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
Posted by Lyude Paul 1 year, 5 months ago
Reviewed-by: Lyude Paul <lyude@redhat.com>

I will push this and the other patch that you sent upstream in just a
moment, thanks!

On Tue, 2024-06-25 at 16:10 +0800, Ma Ke wrote:
> In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate()
> is
> assigned to mode, which will lead to a possible NULL pointer
> dereference
> on failure of drm_mode_duplicate(). The same applies to
> drm_cvt_mode().
> Add a check to avoid null pointer dereference.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> index 670c9739e5e1..9c3dc9a5bb46 100644
> --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> @@ -258,6 +258,8 @@ static int nv17_tv_get_hd_modes(struct
> drm_encoder *encoder,
>  		if (modes[i].hdisplay == output_mode->hdisplay &&
>  		    modes[i].vdisplay == output_mode->vdisplay) {
>  			mode = drm_mode_duplicate(encoder->dev,
> output_mode);
> +			if (!mode)
> +				continue;
>  			mode->type |= DRM_MODE_TYPE_PREFERRED;
>  
>  		} else {
> @@ -265,6 +267,8 @@ static int nv17_tv_get_hd_modes(struct
> drm_encoder *encoder,
>  					    modes[i].vdisplay, 60,
> false,
>  					    (output_mode->flags &
>  					    
> DRM_MODE_FLAG_INTERLACE), false);
> +			if (!mode)
> +				continue;
>  		}
>  
>  		/* CVT modes are sometimes unsuitable... */

-- 
Cheers,
 Lyude Paul (she/her)
 Software Engineer at Red Hat
Re: [PATCH] drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
Posted by Markus Elfring 1 year, 5 months ago
> In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is
> assigned to mode, which will lead to a possible NULL pointer dereference
> on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().
> Add a check to avoid null pointer dereference.

Can a wording approach (like the following) be a better change description?

  A null pointer is stored in the local variable “mode” after a call
  of the function “drm_cvt_mode” or “drm_mode_duplicate” failed.
  This pointer was used in subsequent statements where an undesirable
  dereference will be performed then.
  Thus add corresponding return value checks.


> Cc: stable@vger.kernel.org

Would you like to add the tag “Fixes” accordingly?


What do you think about using a summary phrase like
“Prevent null pointer dereferences in nv17_tv_get_hd_modes()”?

Regards,
Markus