[PATCH] drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle

Chen Ridong chenridong at huaweicloud.com
Thu Nov 7 07:52:35 UTC 2024



On 2024/10/29 16:34, Chen Ridong wrote:
> From: Chen Ridong <chenridong at huawei.com>
> 
> The 'vmw_user_object_buffer' function may return NULL with incorrect
> inputs. To avoid possible null pointer dereference, add a check whether
> the 'bo' is NULL in the vmw_framebuffer_surface_create_handle.
> 
> Fixes: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers")
> Signed-off-by: Chen Ridong <chenridong at huawei.com>
> ---
>  drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index f39bf992364d..8db38927729b 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -1265,6 +1265,8 @@ static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb,
>  	struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb);
>  	struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo);
>  
> +	if (WARN_ON(!bo))
> +		return -EINVAL;
>  	return drm_gem_handle_create(file_priv, &bo->tbo.base, handle);
>  }
>  
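Review bot: the `WARN_ON(!bo)` in the added check has the wrong severity if, as the commit message says, `vmw_user_object_buffer()` can return NULL on incorrect inputs. A WARN that inputs can reach prints a backtrace on every such call and turns into a panic on systems booted with panic_on_warn. If the NULL case is reachable from userspace, use a plain `if (!bo)` followed by `return -EINVAL;` (optionally with a drm_dbg message). If it can only indicate a driver bug, keep the warning but say so in the commit message and consider WARN_ON_ONCE so the log is not flooded. A blank line between the new check and the `return drm_gem_handle_create(...)` line would also match the usual kernel style.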

Friendly ping.


