| Message ID | 20231116065159.37876-1-shum.sdl@nppct.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b909:0:b0:403:3b70:6f57 with SMTP id t9csp3027709vqg;
Wed, 15 Nov 2023 22:52:40 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IHaQAUi0Y3nhWm7UgmWE98lOZ4ToYRfb5aF0OW8NXwP7kdbjsPV503JxGvdIHpvS0UeELbL
X-Received: by 2002:a05:6a00:1bca:b0:68f:f38d:f76c with SMTP id
o10-20020a056a001bca00b0068ff38df76cmr13308570pfw.6.1700117559840;
Wed, 15 Nov 2023 22:52:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1700117559; cv=none;
d=google.com; s=arc-20160816;
b=E67vSc7Sa7E6wrm1jI3F4ictzHl/9DMvIovP5m8eSEgOb2RGbtXG9C5pM7WiInXUhO
O/RKvXn+RS61yMr5TuTJMCAgM8Ag+kXH1Yx76E6obR7RpSjNfLLQOMAqgcHw6GfN+KBC
tIh6H9Uyntbquzo1JTZlA6JLtxGnqWC1v8UYEqVCUEtmSkqfo6LQF6OzX+KC0PXpDvnL
fxDAg6CrDT3mOaI4B4YLooW7ijLNmJJhHILvWgPFwjp1fZDz8S0PW+9MVhDG1uTOq0bz
u/0gwbQoao8eZJxEA82e9l5kE4tvMsUsjiV1y5Aw9zvsrQkADcuUuTlnycWp55TR2Mdu
hx7w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=slQoXLuKNqUxMuSKi0/M+r6G1yK9uO5VvovN4cga41c=;
fh=231+0uNteEx4gI320e7VQeiwgGdtH2c/Ve0JNDN8lII=;
b=aHWL/6yYtKdGaZiA5MRKPlY2l/fZfByzqj6KLMv/2UIQz0utnGzJagYMsCi1NrKNTy
tr5I1r9MISJtX7Rv+E0/R7UOVZnsS0czuu1stCtym+l7SzzVICaY/t0Se95TYqE6ch+L
xr1npf11/eoQjCh4i2Lf3WUU26jH18gnIL18GsSBakQfijqikWZVvbusFRR61/X8ZVLx
t05ldUytErEZV8WkkeDMA7czVD12zDHOSQNd8DcbmGLLo6rJfxFquTXfuUU+qELkaV/4
Saf0Ux2GZXOC7wlHVtGjMqbRSNNtL3CN1AW734WgeHUi/1wgImsLyUSyqI3LLR86llYe
Q+cw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@nppct.ru header.s=dkim header.b=fzvySR4T;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5])
by mx.google.com with ESMTPS id
e13-20020a056a001a8d00b006c4f047a75asi11981790pfv.225.2023.11.15.22.52.39
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 15 Nov 2023 22:52:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
client-ip=2620:137:e000::3:5;
Authentication-Results: mx.google.com;
dkim=pass header.i=@nppct.ru header.s=dkim header.b=fzvySR4T;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:5 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by groat.vger.email (Postfix) with ESMTP id 7277B802943E;
Wed, 15 Nov 2023 22:52:37 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233777AbjKPGwV (ORCPT <rfc822;jaysivo@gmail.com> + 29 others);
Thu, 16 Nov 2023 01:52:21 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45302 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229638AbjKPGwU (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 16 Nov 2023 01:52:20 -0500
Received: from mail.nppct.ru (mail.nppct.ru [195.133.245.4])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 250E8196
for <linux-kernel@vger.kernel.org>;
Wed, 15 Nov 2023 22:52:14 -0800 (PST)
Received: from mail.nppct.ru (localhost [127.0.0.1])
by mail.nppct.ru (Postfix) with ESMTP id 331291C0D49
for <linux-kernel@vger.kernel.org>;
Thu, 16 Nov 2023 09:52:11 +0300 (MSK)
Authentication-Results: mail.nppct.ru (amavisd-new); dkim=pass (1024-bit key)
reason="pass (just generated, assumed good)" header.d=nppct.ru
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nppct.ru; h=
content-transfer-encoding:mime-version:x-mailer:message-id:date
:date:subject:subject:to:from:from; s=dkim; t=1700117530; x=
1700981531; bh=K3YRmKofc6N6uINNSmeFkKZnxYRW32B+l0K9TQS6g74=; b=f
zvySR4TFRoqaZp0rWO0uVqXf6kj06TaABLkINcz/GlJYHCU0hlf/jg9RV07mrSBE
s90tYgzMV+Jy2RGLb8SWeo1HFpQZJdKikzGZufvwTa9qjeEGC4d0keLQMNV+LSZF
YnPDYb/UzYF2CG8zQbNrJ7wYiBX7b9GdwUqwNEZa3g=
X-Virus-Scanned: Debian amavisd-new at mail.nppct.ru
Received: from mail.nppct.ru ([127.0.0.1])
by mail.nppct.ru (mail.nppct.ru [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id MWzU3XDIG0GN for <linux-kernel@vger.kernel.org>;
Thu, 16 Nov 2023 09:52:10 +0300 (MSK)
Received: from localhost.localdomain (mail.dev-ai-melanoma.ru
[185.130.227.204])
by mail.nppct.ru (Postfix) with ESMTPSA id D04BC1C061A;
Thu, 16 Nov 2023 09:52:07 +0300 (MSK)
From: Andrey Shumilin <shum.sdl@nppct.ru>
To: Karol Herbst <kherbst@redhat.com>
Cc: Andrey Shumilin <shum.sdl@nppct.ru>, Lyude Paul <lyude@redhat.com>,
Danilo Krummrich <dakr@redhat.com>, David Airlie <airlied@gmail.com>,
Daniel Vetter <daniel@ffwll.ch>, Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
=?utf-8?q?Noralf_Tr=C3=B8nnes?= <noralf@tronnes.org>,
Jani Nikula <jani.nikula@intel.com>, dri-devel@lists.freedesktop.org,
nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org,
khoroshilov@ispras.ru, ykarpov@ispras.ru, vmerzlyakov@ispras.ru,
vefanov@ispras.ru
Subject: [PATCH] tvnv17.c: Adding a NULL pointer check.
Date: Thu, 16 Nov 2023 09:51:59 +0300
Message-Id: <20231116065159.37876-1-shum.sdl@nppct.ru>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
Wed, 15 Nov 2023 22:52:37 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1782702470687599703
X-GMAIL-MSGID: 1782702470687599703
|
| Series |
tvnv17.c: Adding a NULL pointer check.
|
|
Commit Message
Andrey Shumilin
Nov. 16, 2023, 6:51 a.m. UTC
It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru>
---
drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Comments
> Subject: tvnv17.c: Adding a NULL pointer check. As $ git log --oneline drivers/gpu/drm/nouveau/dispnv04/tvnv17.c 874ee2d67fc9 drm/nouveau: Remove unnecessary include statements for drm_crtc_helper.h 80ed86d4b6d7 drm/connector: Rename drm_mode_create_tv_properties 1fd4a5a36f9f drm/connector: Rename legacy TV property 09838c4efe9a drm/nouveau/kms: Search for encoders' connectors properly 2574c809d7c0 drm/nouveau/kms/nv04-nv4x: Use match_string() helper to simplify the code ... shows, a better prefix should be drm/nouveau: and there should not be a dot at the end. e.g. drm/nouveau: Avoid NPE in nv17_tv_get_XX_modes() On 16.11.2023 09:51, Andrey Shumilin wrote: > It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL. I would suggest to add a little bit more details: drm_mode_duplicate() may return NULL in case of error, e.g. if memory allocation fails. It leads to NULL pointer dereference in nv17_tv_get_ld_modes() and nv17_tv_get_hd_modes(), since they do not check if drm_mode_duplicate() succeeds. Otherwise, looks good. Reviewed-by: Alexey Khoroshilov <khoroshilov@ispras.ru> > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru> > --- > drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > index 670c9739e5e1..1f0c5f4a5fd2 100644 > --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c > @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder, > struct drm_display_mode *mode; > > mode = drm_mode_duplicate(encoder->dev, tv_mode); > - > + if (mode == NULL) > + continue; > mode->clock = tv_norm->tv_enc_mode.vrefresh * > mode->htotal / 1000 * > mode->vtotal / 1000; > @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder, > if (modes[i].hdisplay == output_mode->hdisplay && > modes[i].vdisplay == output_mode->vdisplay) { > mode = drm_mode_duplicate(encoder->dev, output_mode); > + if (mode == NULL) > + continue; > mode->type |= DRM_MODE_TYPE_PREFERRED; > > } else { >
diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c index 670c9739e5e1..1f0c5f4a5fd2 100644 --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder, struct drm_display_mode *mode; mode = drm_mode_duplicate(encoder->dev, tv_mode); - + if (mode == NULL) + continue; mode->clock = tv_norm->tv_enc_mode.vrefresh * mode->htotal / 1000 * mode->vtotal / 1000; @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder, if (modes[i].hdisplay == output_mode->hdisplay && modes[i].vdisplay == output_mode->vdisplay) { mode = drm_mode_duplicate(encoder->dev, output_mode); + if (mode == NULL) + continue; mode->type |= DRM_MODE_TYPE_PREFERRED; } else {