[PATCH 10/12] staging: vboxvideo: Fix NULL ptr deref in vbox_set_up_input_mapping()

[Hans de Goede]

When vbox_set_up_input_mapping() gets called the first crtc might be
disable and not have a fb at all, triggering a NUL ptr deref at:

			vbox->input_mapping_width = CRTC_FB(crtci)->width;

Instead of using the fb from the crtc with id 0, just use the fb from
the first crtc with a fb. This is in the single_framebuffer = true path,
so all crtc-s point to the same fb anyways.

Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
 drivers/staging/vboxvideo/vbox_mode.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/vboxvideo/vbox_mode.c b/drivers/staging/vboxvideo/vbox_mode.c
index 1a2416a59fe0..910ea19931c9 100644
--- a/drivers/staging/vboxvideo/vbox_mode.c
+++ b/drivers/staging/vboxvideo/vbox_mode.c
@@ -189,17 +189,17 @@ static bool vbox_set_up_input_mapping(struct vbox_private *vbox)
 		}
 	}
 	if (single_framebuffer) {
+		vbox->single_framebuffer = true;
 		list_for_each_entry(crtci, &vbox->ddev.mode_config.crtc_list,
 				    head) {
-			if (to_vbox_crtc(crtci)->crtc_id != 0)
+			if (!CRTC_FB(crtci))
 				continue;
 
-			vbox->single_framebuffer = true;
 			vbox->input_mapping_width = CRTC_FB(crtci)->width;
 			vbox->input_mapping_height = CRTC_FB(crtci)->height;
-			return old_single_framebuffer !=
-			       vbox->single_framebuffer;
+			break;
 		}
+		return old_single_framebuffer != vbox->single_framebuffer;
 	}
 	/* Otherwise calculate the total span of all screens. */
 	list_for_each_entry(connectori, &vbox->ddev.mode_config.connector_list,
-- 
2.19.0.rc1