[PATCH] drm/amd/display: Use after free in dmub_psr_destroy()
Michel Dänzer
michel at daenzer.net
Fri Feb 28 10:05:11 UTC 2020
On 2020-02-28 9:22 a.m., Dan Carpenter wrote:
> These lines need to be re-ordered so that we don't dereference "dmub"
> after we just freed it.
>
> Fixes: 4c1a1335dfe0 ("drm/amd/display: Driverside changes to support PSR in DMCUB")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> ---
> drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c b/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c
> index 2c932c29f1f9..dc858b152c6e 100644
> --- a/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c
> +++ b/drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c
> @@ -235,6 +235,6 @@ struct dmub_psr *dmub_psr_create(struct dc_context *ctx)
> */
> void dmub_psr_destroy(struct dmub_psr **dmub)
> {
> - kfree(dmub);
> *dmub = NULL;
> + kfree(dmub);
> }
>
Maybe
kfree(*dmub);
was intended instead?
Actually, this function and others in this file seem completely unused?
--
Earthling Michel Dänzer | https://redhat.com
Libre software enthusiast | Mesa and X developer
More information about the amd-gfx
mailing list