[v1] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params

[PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params

Posted by Ma Ke 9 months, 3 weeks ago

Null pointer dereference issue could occur when pipe_ctx->plane_state
is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not
null before accessing. This prevents a null pointer dereference.

Found by code review.

Cc: stable@vger.kernel.org
Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index 520a34a42827..88e8ae63a07f 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -1452,6 +1452,9 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx)
 	struct scaling_taps temp = {0};
 	bool res = false;
 
+	if (!plane_state)
+		return false;
+
 	DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger);
 
 	/* Invalid input */
-- 
2.25.1

Re: [PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params

Posted by Alex Hung 9 months, 3 weeks ago


On 2/23/25 23:32, Ma Ke wrote:
> Null pointer dereference issue could occur when pipe_ctx->plane_state
> is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not
> null before accessing. This prevents a null pointer dereference.
> 
> Found by code review.
> 
> Cc: stable@vger.kernel.org
> Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>   drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
> index 520a34a42827..88e8ae63a07f 100644
> --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
> +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
> @@ -1452,6 +1452,9 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx)
>   	struct scaling_taps temp = {0};
>   	bool res = false;
>   
> +	if (!plane_state)
> +		return false;
> +

This if statement can be merged with the following one such as below, 
and it also allows ASSERT to kick in instead of failing silently.


         DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger);

         /* Invalid input */
-       if (!plane_state->dst_rect.width ||
-                       !plane_state->dst_rect.height ||
-                       !plane_state->src_rect.width ||
-                       !plane_state->src_rect.height) {
+       if (!plane_state ||
+           !plane_state->dst_rect.width ||
+           !plane_state->dst_rect.height ||
+           !plane_state->src_rect.width ||
+           !plane_state->src_rect.height) {
                 ASSERT(0);


>   	DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger);
>   
>   	/* Invalid input */