[bug report] drm: Use atomic state for FB in legacy ioctls

Fri Jan 13 12:56:27 UTC 2017

Hello Daniel Stone,

This is a semi-automatic email about new static checker warnings.

The patch de7b6be7f300: "drm: Use atomic state for FB in legacy 
ioctls" from Dec 13, 2016, leads to the following Smatch complaint:

drivers/gpu/drm/drm_crtc.c:392 drm_mode_getcrtc()
	 error: we previously assumed 'crtc->primary->state' could be null (see line 384)

drivers/gpu/drm/drm_crtc.c
   383	
   384		if (crtc->primary->state && crtc->primary->state->fb)
                    ^^^^^^^^^^^^^^^^^^^^
New check for NULL.

   385			crtc_resp->fb_id = crtc->primary->state->fb->base.id;
   386		else if (!crtc->primary->state && crtc->primary->fb)
   387			crtc_resp->fb_id = crtc->primary->fb->base.id;
   388		else
   389			crtc_resp->fb_id = 0;
   390	
   391		if (crtc->state) {
   392			crtc_resp->x = crtc->primary->state->src_x >> 16;
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Old unchecked dereference.  It's possible that non-NULL "crtc->state"
implies a non-NULL "crtc->primary->state", but I didn't spot the
relationship immediately.

   393			crtc_resp->y = crtc->primary->state->src_y >> 16;
   394			if (crtc->state->enable) {

regards,
dan carpenter