[PATCH] drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position

Wed May 22 15:36:38 UTC 2024

The fix involves adding a null check for 'stream' at the beginning of
the function. If 'stream' is NULL, the function immediately returns
false. This ensures that 'stream' is not NULL when we dereference it to
access 'ctx' in 'dc = stream->ctx->dc;' the function.

Fixes the below:
	drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:398 dc_stream_program_cursor_position()
	error: we previously assumed 'stream' could be null (see line 397)

drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c
    389 bool dc_stream_program_cursor_position(
    390         struct dc_stream_state *stream,
    391         const struct dc_cursor_position *position)
    392 {
    393         struct dc *dc;
    394         bool reset_idle_optimizations = false;
    395         const struct dc_cursor_position *old_position;
    396
    397         old_position = stream ? &stream->cursor_position : NULL;
                               ^^^^^^^^
The patch adds a NULL check

--> 398         dc = stream->ctx->dc;
                     ^^^^^^^^
The old code didn't check

    399
    400         if (dc_stream_set_cursor_position(stream, position)) {
    401                 dc_z10_restore(dc);
    402
    403                 /* disable idle optimizations if enabling cursor */
    404                 if (dc->idle_optimizations_allowed &&
    405                     (!old_position->enable || dc->debug.exit_idle_opt_for_cursor_updates) &&
    406                     position->enable) {
    407                         dc_allow_idle_optimizations(dc, false);

Fixes: f63f86b5affc ("drm/amd/display: Separate setting and programming of cursor")
Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
Cc: Harry Wentland <harry.wentland at amd.com>
Cc: Tom Chung <chiahsuan.chung at amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
Cc: Roman Li <roman.li at amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
---
 drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
index de48084eac25..55e1c19b97f1 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -394,7 +394,10 @@ bool dc_stream_program_cursor_position(
 	bool reset_idle_optimizations = false;
 	const struct dc_cursor_position *old_position;
 
-	old_position = stream ? &stream->cursor_position : NULL;
+	if (!stream)
+		return false;
+
+	old_position = &stream->cursor_position;
 	dc = stream->ctx->dc;
 
 	if (dc_stream_set_cursor_position(stream, position)) {
-- 
2.34.1

