drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 ++ 1 file changed, 2 insertions(+)
The drm_atomic_get_new_connector_state() can return NULL if the
connector is not part of the atomic state. Add a check to prevent
a NULL pointer dereference.
This follows the same pattern used in dpu_encoder_update_topology()
within the same file, which checks for NULL before using conn_state.
Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
Fixes: 1ce69c265a53 ("drm/msm/dpu: move resource allocation to CRTC")
---
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
index c0ed110a7d30..4bddb9504796 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
@@ -729,6 +729,8 @@ bool dpu_encoder_needs_modeset(struct drm_encoder *drm_enc, struct drm_atomic_st
return false;
conn_state = drm_atomic_get_new_connector_state(state, connector);
+ if (!conn_state)
+ return false;
/**
* These checks are duplicated from dpu_encoder_update_topology() since
--
2.34.1On Tue, Jul 22, 2025 at 04:17:40PM -0500, Chenyuan Yang wrote:
> The drm_atomic_get_new_connector_state() can return NULL if the
> connector is not part of the atomic state. Add a check to prevent
> a NULL pointer dereference.
>
> This follows the same pattern used in dpu_encoder_update_topology()
> within the same file, which checks for NULL before using conn_state.
>
> Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
> Fixes: 1ce69c265a53 ("drm/msm/dpu: move resource allocation to CRTC")
> ---
> drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> index c0ed110a7d30..4bddb9504796 100644
> --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> @@ -729,6 +729,8 @@ bool dpu_encoder_needs_modeset(struct drm_encoder *drm_enc, struct drm_atomic_st
> return false;
>
> conn_state = drm_atomic_get_new_connector_state(state, connector);
> + if (!conn_state)
> + return false;
Did this happen in a real case or is it just
yet-another-static-analysys?
>
> /**
> * These checks are duplicated from dpu_encoder_update_topology() since
> --
> 2.34.1
>
--
With best wishes
Dmitry
On Wed, Jul 23, 2025 at 12:05 PM Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> wrote:
>
> On Tue, Jul 22, 2025 at 04:17:40PM -0500, Chenyuan Yang wrote:
> > The drm_atomic_get_new_connector_state() can return NULL if the
> > connector is not part of the atomic state. Add a check to prevent
> > a NULL pointer dereference.
> >
> > This follows the same pattern used in dpu_encoder_update_topology()
> > within the same file, which checks for NULL before using conn_state.
> >
> > Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
> > Fixes: 1ce69c265a53 ("drm/msm/dpu: move resource allocation to CRTC")
> > ---
> > drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > index c0ed110a7d30..4bddb9504796 100644
> > --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > @@ -729,6 +729,8 @@ bool dpu_encoder_needs_modeset(struct drm_encoder *drm_enc, struct drm_atomic_st
> > return false;
> >
> > conn_state = drm_atomic_get_new_connector_state(state, connector);
> > + if (!conn_state)
> > + return false;
>
> Did this happen in a real case or is it just
> yet-another-static-analysys?
This is a static-analysis detected bug.
> >
> > /**
> > * These checks are duplicated from dpu_encoder_update_topology() since
> > --
> > 2.34.1
> >
>
> --
> With best wishes
> Dmitry
On Wed, Jul 23, 2025 at 12:43:06PM -0700, Chenyuan Yang wrote:
> On Wed, Jul 23, 2025 at 12:05 PM Dmitry Baryshkov
> <dmitry.baryshkov@oss.qualcomm.com> wrote:
> >
> > On Tue, Jul 22, 2025 at 04:17:40PM -0500, Chenyuan Yang wrote:
> > > The drm_atomic_get_new_connector_state() can return NULL if the
> > > connector is not part of the atomic state. Add a check to prevent
> > > a NULL pointer dereference.
> > >
> > > This follows the same pattern used in dpu_encoder_update_topology()
> > > within the same file, which checks for NULL before using conn_state.
> > >
> > > Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
> > > Fixes: 1ce69c265a53 ("drm/msm/dpu: move resource allocation to CRTC")
> > > ---
> > > drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > > index c0ed110a7d30..4bddb9504796 100644
> > > --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > > +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
> > > @@ -729,6 +729,8 @@ bool dpu_encoder_needs_modeset(struct drm_encoder *drm_enc, struct drm_atomic_st
> > > return false;
> > >
> > > conn_state = drm_atomic_get_new_connector_state(state, connector);
> > > + if (!conn_state)
> > > + return false;
> >
> > Did this happen in a real case or is it just
> > yet-another-static-analysys?
>
> This is a static-analysis detected bug.
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
>
> > >
> > > /**
> > > * These checks are duplicated from dpu_encoder_update_topology() since
> > > --
> > > 2.34.1
> > >
> >
> > --
> > With best wishes
> > Dmitry
--
With best wishes
Dmitry
© 2016 - 2025 Red Hat, Inc.