[Intel-gfx] [PATCH] drm/i915: Fix possible null dereference in framebuffer_info debugfs function

Chris Wilson chris at chris-wilson.co.uk
Thu Nov 26 04:43:19 PST 2015 

On Thu, Nov 26, 2015 at 04:32:30PM +0530, Namrta Salonie wrote:
> Found by static code analysis tool.
> 
> v2: Inserted block instead of goto & renamed variables (Chris)
> 
> Signed-off-by: Namrta Salonie <namrta.salonie at intel.com>
> Signed-off-by: Deepak S <deepak.s at intel.com>
> ---
>  drivers/gpu/drm/i915/i915_debugfs.c |   32 +++++++++++++++-----------------
>  1 file changed, 15 insertions(+), 17 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
> index a3b22bd..7c068ea 100644
> --- a/drivers/gpu/drm/i915/i915_debugfs.c
> +++ b/drivers/gpu/drm/i915/i915_debugfs.c
> @@ -1865,31 +1865,29 @@ static int i915_gem_framebuffer_info(struct seq_file *m, void *data)
>  {
>  	struct drm_info_node *node = m->private;
>  	struct drm_device *dev = node->minor->dev;
> -	struct intel_fbdev *ifbdev = NULL;
> -	struct intel_framebuffer *fb;
> +	struct intel_framebuffer *fbdev_fb = NULL;
>  	struct drm_framebuffer *drm_fb;
>  
>  #ifdef CONFIG_DRM_FBDEV_EMULATION
> -	struct drm_i915_private *dev_priv = dev->dev_private;
>  
> -	ifbdev = dev_priv->fbdev;
> -	fb = to_intel_framebuffer(ifbdev->helper.fb);
> -
> -	seq_printf(m, "fbcon size: %d x %d, depth %d, %d bpp, modifier 0x%llx, refcount %d, obj ",
> -		   fb->base.width,
> -		   fb->base.height,
> -		   fb->base.depth,
> -		   fb->base.bits_per_pixel,
> -		   fb->base.modifier[0],
> -		   atomic_read(&fb->base.refcount.refcount));
> -	describe_obj(m, fb->obj);
> -	seq_putc(m, '\n');
> +	if (to_i915(dev)->fbdev) {
> +		fbdev_fb = to_intel_framebuffer(to_i915(dev)->fbdev->helper.fb);
> +		seq_printf(m, "fbcon size: %d x %d, depth %d, %d bpp, modifier 0x%llx, refcount %d, obj ",
> +				fbdev_fb->base.width,
> +				fbdev_fb->base.height,
> +				fbdev_fb->base.depth,
> +				fbdev_fb->base.bits_per_pixel,
> +				fbdev_fb->base.modifier[0],
> +				atomic_read(&fbdev_fb->base.refcount.refcount));

These should be aligned to the opening '('

Reviewed-by: Chris Wilson <chris at chris-wilson.co.uk>
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre

More information about the Intel-gfx mailing list