[Nouveau] [PATCH] bios: fix a potential NULL deref in the PROM shadowing function
Martin Peres
martin.peres at free.fr
Thu May 29 16:43:26 PDT 2014
On 30/05/2014 01:39, Ben Skeggs wrote:
> On Tue, May 27, 2014 at 7:15 PM, Martin Peres <martin.peres at free.fr> wrote:
>> Le 03/04/2014 22:12, Martin Peres a écrit :
>>
>>> Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
>>> Signed-off-by: Martin Peres <martin.peres at free.fr>
>>> ---
>>> nvkm/subdev/bios/base.c | 9 +++++----
>>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/nvkm/subdev/bios/base.c b/nvkm/subdev/bios/base.c
>>> index 3de7d81..5f8643d 100644
>>> --- a/nvkm/subdev/bios/base.c
>>> +++ b/nvkm/subdev/bios/base.c
>>> @@ -183,10 +183,11 @@ nouveau_bios_shadow_prom(struct nouveau_bios *bios)
>>> goto out;
>>>
>>> bios->data = kmalloc(bios->size, GFP_KERNEL);
>>> - if (bios->data) {
>>> - for (i = 0; i < bios->size; i += 4)
>>> - ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000
>>> + i);
>>> - }
>>> + if (!bios->data)
>>> + goto out;
>>> +
>>> + for (i = 0; i < bios->size; i += 4)
>>> + ((u32 *)bios->data)[i/4] = nv_rd32(bios, 0x300000 + i);
>>>
>>> /* check the PCI record header */
>>> pcir = nv_ro16(bios, 0x0018);
>>>
>> This patch never got reviewed or pushed. It should also be sent as a fix for
>> the next 3.15 rc, if possible.
> Apologies, this was indeed overlooked. I've merged it. Thanks.
And I should apologize too for not checking earlier :)
More information about the Nouveau
mailing list