[PATCH] drm/omap: Potential NULL deref in omap_crtc_duplicate_state()
Tomi Valkeinen
tomi.valkeinen at ti.com
Wed Aug 16 09:55:08 UTC 2017
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
On 11/08/17 23:16, Dan Carpenter wrote:
> If the kmalloc() fails then we dereference "state" when we set
> "state->zpos".
>
> Fixes: 3dfeb631a15d ("drm/omap: Rework the rotation-on-crtc hack")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
> diff --git a/drivers/gpu/drm/omapdrm/omap_crtc.c b/drivers/gpu/drm/omapdrm/omap_crtc.c
> index 400d0d2f6790..cc85c16cbc2a 100644
> --- a/drivers/gpu/drm/omapdrm/omap_crtc.c
> +++ b/drivers/gpu/drm/omapdrm/omap_crtc.c
> @@ -589,8 +589,10 @@ omap_crtc_duplicate_state(struct drm_crtc *crtc)
> current_state = to_omap_crtc_state(crtc->state);
>
> state = kmalloc(sizeof(*state), GFP_KERNEL);
> - if (state)
> - __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
> + if (!state)
> + return NULL;
> +
> + __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
>
> state->zpos = current_state->zpos;
> state->rotation = current_state->rotation;
>
Thanks! Applied.
Tomi
More information about the dri-devel
mailing list