Question about possible NULL Pointer Dereference in hx83102_get_modes()

Maxime Ripard mripard at kernel.org
Thu Oct 10 07:31:49 UTC 2024


Hi,

On Wed, Oct 09, 2024 at 02:38:22PM GMT, Zichen Xie wrote:
> Dear Developers for DRM PANEL DRIVERS,
> 
> We are developing a static analyzer for Linux Kernel, and we are
> curious about the function drm_mode_duplicate() in
> hx83102_get_modes().
> https://elixir.bootlin.com/linux/v6.12-rc2/source/drivers/gpu/drm/panel/panel-himax-hx83102.c#L567
> 
> ```
> 
> struct drm_display_mode *mode;
> 
> mode = drm_mode_duplicate(connector->dev, m);
> 
> mode->type = DRM_MODE_TYPE_DRIVER | DRM_MODE_TYPE_PREFERRED;
> 
> ```
> 
> drm_mode_duplicate() will return NULL if it fails to allocate memory,
> so NULL check is necessary for this function.
> Directly accessing 'mode->type' may lead to NULL Pointer Dereference.

Yes and no. drm_mode_create uses kzalloc to create the new mode
structure, and any kmalloc (GFP, really) allocations below 8 pages
cannot fail.

So, from an API standpoint, you're right. From a practical one, it won't
change anything.

Maxime
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 273 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20241010/0436d68c/attachment.sig>


More information about the dri-devel mailing list