[Intel-gfx] Potential NULL pointer dereference in intel_crt_get_edid
Shaobo He
shaobo at cs.utah.edu
Mon Mar 18 23:39:48 UTC 2019
Hi Rodrigo,
Sorry I'm a bit lost here. May I ask where the `WARN` is?
Thanks,
Shaobo
On 3/18/19 5:26 PM, Rodrigo Vivi wrote:
> Hi Shaobo,
>
> n Mon, Mar 18, 2019 at 05:01:10PM -0600, Shaobo He wrote:
>> Hello everyone,
>>
>> My name is Shaobo He and I am a graduate student at University of Utah. I am
>> using a static analysis tool to search for null pointer dereferences and
>> came across a potentially invalid memory access in the file
>> drivers/gpu/drm/i915/intel_crt.c: in function `intel_crt_detect_ddc`,
>> function `intel_gmbus_get_adapter` can return a NULL pointer which is
>
> if this happens we've done a terrible job on defining the platform...
>
>> dereferenced by the call to `drm_get_edid` or `intel_gmbus_is_forced_bit`.
>
> but it seems you are right... this will reach i2c_transfer in the end
> and it will break everything after we gave the Warning...
>
>> It seems that the return value of `intel_gmbus_get_adapter` is never
>> NULL-checked. If so, it would be better to replace the branch to return a
>> NULL pointer with something like `BUG_ON`.
>
> what about just adding if (!i2c) return false
> instead of BUG.
>
> We already have the WARN to debug if this case ever happens.
>
> Thanks,
> Rodrigo.
>
>>
>> Please let me know if it makes sense. I am looking forward to your reply.
>>
>> Best,
>> Shaobo
More information about the Intel-gfx
mailing list