<div><div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 22, 2025 at 23:57 Maxime Ripard <<a href="mailto:mripard@kernel.org" target="_blank">mripard@kernel.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">On Tue, Jul 22, 2025 at 03:41:14PM -0500, Chenyuan Yang wrote:<br>
> drm_atomic_get_new_connector_for_encoder and<br>
> drm_atomic_get_new_connector_state could return Null.<br>
<br>
They can, but not in that scenario. atomic_enable will never be called<br>
if either would return NULL.<br>
<br>
In which situation did you trigger this bug?</blockquote><div dir="auto"><br></div><div dir="auto">This is found by our static analysis tool based on the fact that drm_atomic_get_new_connector_state() could return NULL. We also noticed that under the same dir, ITE IT6505 transmitter has such checks. Thus, we assume it would be good to have similar checks here.</div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)" dir="auto"><br>
> Thus, add the null pointer check for them with a similar format with<br>
> it6505_bridge_atomic_enable in ITE IT6505.<br>
> <br>
> Signed-off-by: Chenyuan Yang <<a href="mailto:chenyuan0y@gmail.com" target="_blank">chenyuan0y@gmail.com</a>><br>
> Fixes: 049723628716 ("drm/bridge: Add ITE IT6263 LVDS to HDMI converter")<br>
> ---<br>
>  drivers/gpu/drm/bridge/ite-it6263.c | 15 ++++++++++++++-<br>
>  1 file changed, 14 insertions(+), 1 deletion(-)<br>
> <br>
> diff --git a/drivers/gpu/drm/bridge/ite-it6263.c b/drivers/gpu/drm/bridge/ite-it6263.c<br>
> index a3a63a977b0a..3a20b2088bf9 100644<br>
> --- a/drivers/gpu/drm/bridge/ite-it6263.c<br>
> +++ b/drivers/gpu/drm/bridge/ite-it6263.c<br>
> @@ -590,15 +590,28 @@ static void it6263_bridge_atomic_enable(struct drm_bridge *bridge,<br>
>       struct drm_connector *connector;<br>
>       bool is_stable = false;<br>
>       struct drm_crtc *crtc;<br>
> +     struct drm_connector_state *conn_state;<br>
>       unsigned int val;<br>
>       bool pclk_high;<br>
>       int i, ret;<br>
>  <br>
>       connector = drm_atomic_get_new_connector_for_encoder(state,<br>
>                                                            bridge->encoder);<br>
> -     crtc = drm_atomic_get_new_connector_state(state, connector)->crtc;<br>
> +     if (WARN_ON(!connector))<br>
> +             return;<br>
> +<br>
> +     conn_state = drm_atomic_get_new_connector_state(state, connector);<br>
> +     if (WARN_ON(!conn_state))<br>
> +             return;<br>
> +<br>
> +     crtc = conn_state->crtc;<br>
>       crtc_state = drm_atomic_get_new_crtc_state(state, crtc);<br>
> +     if (WARN_ON(!crtc_state))<br>
> +             return;<br>
> +<br>
>       mode = &crtc_state->adjusted_mode;<br>
> +     if (WARN_ON(!mode))<br>
> +             return;<br>
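<br>
Review bot: the final WARN_ON(!mode) check is dead code. mode is assigned &crtc_state->adjusted_mode, the address of a member of crtc_state, and crtc_state has already been checked for NULL two lines earlier, so mode cannot be NULL at that point; drop this check. Separately, conn_state->crtc is passed to drm_atomic_get_new_crtc_state() without being tested itself, so if the intent is to guard every pointer on this path, the crtc value is the one left unchecked. Each early return also leaves atomic_enable without programming the bridge, and the commit message should state under which conditions these lookups can actually return NULL in this callback.<br>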
<br>
And that condition can never be true.<br>
<br>
Maxime<br>
</blockquote></div></div>
</div>