[PATCH] drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update
Harry Wentland
harry.wentland at amd.com
Wed Jun 5 15:56:32 UTC 2024
On 2024-06-05 11:46, Srinivasan Shanmugam wrote:
> This commit adds a null check for the 'afb' variable in the
> amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
> assumed to be null, but was used later in the code without a null check.
> This could potentially lead to a null pointer dereference.
>
> Fixes the below:
> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)
>
> Cc: Tom Chung <chiahsuan.chung at amd.com>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
> Cc: Roman Li <roman.li at amd.com>
> Cc: Hersen Wu <hersenxs.wu at amd.com>
> Cc: Alex Hung <alex.hung at amd.com>
> Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
> Cc: Harry Wentland <harry.wentland at amd.com>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
Reviewed-by: Harry Wentland <harry.wentland at amd.com>
Harry
> ---
> .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
> index a64f20fcddaa..b339642b86c0 100644
> --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
> +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c
> @@ -1246,14 +1246,22 @@ void amdgpu_dm_plane_handle_cursor_update(struct drm_plane *plane,
> {
> struct amdgpu_device *adev = drm_to_adev(plane->dev);
> struct amdgpu_framebuffer *afb = to_amdgpu_framebuffer(plane->state->fb);
> - struct drm_crtc *crtc = afb ? plane->state->crtc : old_plane_state->crtc;
> - struct dm_crtc_state *crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
> - struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(crtc);
> - uint64_t address = afb ? afb->address : 0;
> + struct drm_crtc *crtc;
> + struct dm_crtc_state *crtc_state;
> + struct amdgpu_crtc *amdgpu_crtc;
> + u64 address;
> struct dc_cursor_position position = {0};
> struct dc_cursor_attributes attributes;
> int ret;
>
> + if (!afb)
> + return;
> +
> + crtc = plane->state->crtc ? plane->state->crtc : old_plane_state->crtc;
> + crtc_state = crtc ? to_dm_crtc_state(crtc->state) : NULL;
> + amdgpu_crtc = to_amdgpu_crtc(crtc);
> + address = afb->address;
> +
> if (!plane->state->fb && !old_plane_state->fb)
> return;
>
More information about the amd-gfx
mailing list