Potential NULL pointer dereference in radeon_ttm_tt_populate

Christian König ckoenig.leichtzumerken at gmail.com
Tue Mar 19 09:16:07 UTC 2019


Hi Shaobo,

that question came up a couple of times now. And the answer is: No, 
there can't be a NULL pointer dereference.

The function radeon_ttm_tt_to_gtt returns NULL only when it is an AGP 
ttm structure, and that case is checked right before the offending code.

Unfortunately I don't see how an automated code checker should ever be 
able to figure that out by itself.

Regards,
Christian.

On 18.03.19 at 21:58, Shaobo He wrote:
> Hello everyone,
>
> My name is Shaobo He and I am a graduate student at University of 
> Utah. I am using a static analysis tool to search for null pointer 
> dereferences and came across a potentially invalid memory access in 
> the file drivers/gpu/drm/radeon/radeon_ttm.c: in function 
> `radeon_ttm_tt_populate`, function `radeon_ttm_tt_to_gtt` can return a 
> NULL pointer which is dereferenced by the call to 
> `drm_prime_sg_to_page_addr_arrays`.
>
> Please let me know if it makes sense. I am looking forward to your reply.
>
> Best,
> Shaobo

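The false positive discussed above comes from a non-NULL invariant that holds only because of an earlier, unrelated branch. The following constructed C model (added here; it is not the radeon code, and `model_ttm`, `model_ttm_to_gtt`, `populate_original` and `populate_explicit` are invented stand-ins) shows the shape the checker complains about, and beside it the same logic with the invariant stated locally so a flow-insensitive tool need not correlate the AGP test with the accessor's return value.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed model of the pattern in the thread, not the radeon driver:
 * a ttm is either an AGP ttm (no gtt payload) or a GTT ttm. */
struct model_ttm {
    bool is_agp;     /* stands in for the AGP check made before the call */
    int gtt_pages;   /* stands in for the gtt-specific data */
};

/* Returns NULL only for the AGP variant, like radeon_ttm_tt_to_gtt() in the report. */
static int *model_ttm_to_gtt(struct model_ttm *ttm)
{
    return ttm->is_agp ? NULL : &ttm->gtt_pages;
}

/* Original shape: the AGP branch returns before the dereference, so the
 * NULL result is unreachable, but only via a test the accessor knows nothing about. */
int populate_original(struct model_ttm *ttm)
{
    if (ttm->is_agp)
        return 0;                /* AGP path is handled elsewhere */
    int *gtt = model_ttm_to_gtt(ttm);
    return *gtt;                 /* a checker reports: gtt "may be NULL" here */
}

/* Checker-friendly shape: identical behaviour for every reachable input, but the
 * non-NULL invariant is asserted at the use site, so the tool sees it directly. */
int populate_explicit(struct model_ttm *ttm)
{
    if (ttm->is_agp)
        return 0;
    int *gtt = model_ttm_to_gtt(ttm);
    if (!gtt)                    /* unreachable by construction; documents the invariant */
        return -1;
    return *gtt;
}
```

Both functions return the same values on every input; the explicit form only costs a branch and turns an implicit cross-function invariant into a local, tool-visible one.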