[PATCH] drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position

Wed May 22 18:05:51 UTC 2024


On 2024-05-22 11:36, Srinivasan Shanmugam wrote:
> The fix involves adding a null check for 'stream' at the beginning of
> the function. If 'stream' is NULL, the function immediately returns
> false. This ensures that 'stream' is not NULL when we dereference it to
> access 'ctx' in 'dc = stream->ctx->dc;' the function.
> 
> Fixes the below:
> 	drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:398 dc_stream_program_cursor_position()
> 	error: we previously assumed 'stream' could be null (see line 397)
> 
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c
>     389 bool dc_stream_program_cursor_position(
>     390         struct dc_stream_state *stream,
>     391         const struct dc_cursor_position *position)
>     392 {
>     393         struct dc *dc;
>     394         bool reset_idle_optimizations = false;
>     395         const struct dc_cursor_position *old_position;
>     396
>     397         old_position = stream ? &stream->cursor_position : NULL;
>                                ^^^^^^^^
> The patch adds a NULL check
> 
> --> 398         dc = stream->ctx->dc;
>                      ^^^^^^^^
> The old code didn't check
> 
>     399
>     400         if (dc_stream_set_cursor_position(stream, position)) {
>     401                 dc_z10_restore(dc);
>     402
>     403                 /* disable idle optimizations if enabling cursor */
>     404                 if (dc->idle_optimizations_allowed &&
>     405                     (!old_position->enable || dc->debug.exit_idle_opt_for_cursor_updates) &&
>     406                     position->enable) {
>     407                         dc_allow_idle_optimizations(dc, false);
> 
> Fixes: f63f86b5affc ("drm/amd/display: Separate setting and programming of cursor")
> Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
> Cc: Harry Wentland <harry.wentland at amd.com>
> Cc: Tom Chung <chiahsuan.chung at amd.com>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
> Cc: Roman Li <roman.li at amd.com>
> Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>

Reviewed-by: Harry Wentland <harry.wentland at amd.com>

Harry

> ---
>  drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> index de48084eac25..55e1c19b97f1 100644
> --- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> +++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> @@ -394,7 +394,10 @@ bool dc_stream_program_cursor_position(
>  	bool reset_idle_optimizations = false;
>  	const struct dc_cursor_position *old_position;
>  
> -	old_position = stream ? &stream->cursor_position : NULL;
> +	if (!stream)
> +		return false;
> +
> +	old_position = &stream->cursor_position;
>  	dc = stream->ctx->dc;
>  
>  	if (dc_stream_set_cursor_position(stream, position)) {