[Intel-gfx] Potential NULL pointer dereference in intel_crt_get_edid
Rodrigo Vivi
rodrigo.vivi at intel.com
Mon Mar 18 23:53:08 UTC 2019
On Mon, Mar 18, 2019 at 05:39:48PM -0600, Shaobo He wrote:
> Hi Rodrigo,
>
> Sorry I'm a bit lost here. May I ask where the `WARN` is?
along with the return NULL
struct i2c_adapter *intel_gmbus_get_adapte()
if (WARN_ON(!intel_gmbus_is_valid_pin(dev_priv, pin)))
return NULL;
>
> Thanks,
> Shaobo
> On 3/18/19 5:26 PM, Rodrigo Vivi wrote:
> > Hi Shaobo,
> >
> > n Mon, Mar 18, 2019 at 05:01:10PM -0600, Shaobo He wrote:
> > > Hello everyone,
> > >
> > > My name is Shaobo He and I am a graduate student at University of Utah. I am
> > > using a static analysis tool to search for null pointer dereferences and
> > > came across a potentially invalid memory access in the file
> > > drivers/gpu/drm/i915/intel_crt.c: in function `intel_crt_detect_ddc`,
> > > function `intel_gmbus_get_adapter` can return a NULL pointer which is
> >
> > if this happens we've done a terrible job on defining the platform...
> >
> > > dereferenced by the call to `drm_get_edid` or `intel_gmbus_is_forced_bit`.
> >
> > but it seems you are right... this will reach i2c_transfer in the end
> > and it will break everything after we gave the Warning...
> >
> > > It seems that the return value of `intel_gmbus_get_adapter` is never
> > > NULL-checked. If so, it would be better to replace the branch to return a
> > > NULL pointer with something like `BUG_ON`.
> >
> > what about just adding if (!i2c) return false
> > instead of BUG.
> >
> > We already have the WARN to debug if this case ever happens.
> >
> > Thanks,
> > Rodrigo.
> >
> > >
> > > Please let me know if it makes sense. I am looking forward to your reply.
> > >
> > > Best,
> > > Shaobo
More information about the Intel-gfx
mailing list