[PATCH] drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle
chenridong
chenridong at huawei.com
Thu Nov 14 03:04:28 UTC 2024
On 2024/10/29 16:34, Chen Ridong wrote:
> From: Chen Ridong <chenridong at huawei.com>
>
> The 'vmw_user_object_buffer' function may return NULL with incorrect
> inputs. To avoid possible null pointer dereference, add a check whether
> the 'bo' is NULL in the vmw_framebuffer_surface_create_handle.
>
> Fixes: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers")
> Signed-off-by: Chen Ridong <chenridong at huawei.com>
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index f39bf992364d..8db38927729b 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -1265,6 +1265,8 @@ static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb,
> struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb);
> struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo);
>
> + if (WARN_ON(!bo))
> + return -EINVAL;
> return drm_gem_handle_create(file_priv, &bo->tbo.base, handle);
> }
>
Friendly ping.
More information about the dri-devel
mailing list