The drm_format_info() function returns NULL if the format is unsupported, but the simplefb_get_validated_format() is expected to return error pointers. If we propagate teh NULL return then it will lead to a NULL dereference in the callers. Swap the NULL and trade it in for an ERR_PTR(-EINVAL).
Fixes: 11e8f5fd223b ("drm: Add simpledrm driver") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com --- drivers/gpu/drm/tiny/simpledrm.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/tiny/simpledrm.c b/drivers/gpu/drm/tiny/simpledrm.c index f72ca3a1c2d4..4f605c5fe856 100644 --- a/drivers/gpu/drm/tiny/simpledrm.c +++ b/drivers/gpu/drm/tiny/simpledrm.c @@ -72,6 +72,7 @@ simplefb_get_validated_format(struct drm_device *dev, const char *format_name) static const struct simplefb_format formats[] = SIMPLEFB_FORMATS; const struct simplefb_format *fmt = formats; const struct simplefb_format *end = fmt + ARRAY_SIZE(formats); + const struct drm_format_info *info;
if (!format_name) { drm_err(dev, "simplefb: missing framebuffer format\n"); @@ -79,8 +80,12 @@ simplefb_get_validated_format(struct drm_device *dev, const char *format_name) }
while (fmt < end) { - if (!strcmp(format_name, fmt->name)) - return drm_format_info(fmt->fourcc); + if (!strcmp(format_name, fmt->name)) { + info = drm_format_info(fmt->fourcc); + if (!info) + return ERR_PTR(-EINVAL); + return info; + } ++fmt; }
Am 15.05.21 um 11:53 schrieb Dan Carpenter:
The drm_format_info() function returns NULL if the format is unsupported, but the simplefb_get_validated_format() is expected to return error pointers. If we propagate teh NULL return then it will lead to a NULL dereference in the callers. Swap the NULL and trade it in for an ERR_PTR(-EINVAL).
Thank you. I've added the patch to drm-misc-next.
Best regards Thomas
Fixes: 11e8f5fd223b ("drm: Add simpledrm driver") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
drivers/gpu/drm/tiny/simpledrm.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/tiny/simpledrm.c b/drivers/gpu/drm/tiny/simpledrm.c index f72ca3a1c2d4..4f605c5fe856 100644 --- a/drivers/gpu/drm/tiny/simpledrm.c +++ b/drivers/gpu/drm/tiny/simpledrm.c @@ -72,6 +72,7 @@ simplefb_get_validated_format(struct drm_device *dev,
const char *format_name)
static const struct simplefb_format formats[] = SIMPLEFB_FORMATS; const struct simplefb_format *fmt = formats; const struct simplefb_format *end = fmt + ARRAY_SIZE(formats);
const struct drm_format_info *info;
if (!format_name) { drm_err(dev, "simplefb: missing framebuffer format\n");
@@ -79,8 +80,12 @@ simplefb_get_validated_format(struct drm_device *dev, const char *format_name) }
while (fmt < end) {
if (!strcmp(format_name, fmt->name))return drm_format_info(fmt->fourcc);
if (!strcmp(format_name, fmt->name)) {info = drm_format_info(fmt->fourcc);if (!info)return ERR_PTR(-EINVAL);return info;}
dri-devel@lists.freedesktop.org
-
Dan Carpenter -
Thomas Zimmermann