This commit adds a null check for the dm_state variable in the create_validate_stream_for_sink function. Previously, dm_state was being checked for nullity at line 7194, but then it was being dereferenced without any nullity check at line 7200. This could potentially lead to a null pointer dereference error if dm_state is indeed null. we now ensure that dm_state is not null before dereferencing it. We do this by adding a nullity check for dm_state before the call to create_stream_for_sink at line 7200. If dm_state is null, we log an error message and return NULL immediately. This fix prevents a null pointer dereference error. drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:7201 create_validate_stream_for_sink() error: we previously assumed 'dm_state' could be null (see line 7194) drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c 7185 struct dc_stream_state * 7186 create_validate_stream_for_sink(struct amdgpu_dm_connector *aconnector, 7187 const struct drm_display_mode *drm_mode, 7188 const struct dm_connector_state *dm_state, 7189 const struct dc_stream_state *old_stream) 7190 { 7191 struct drm_connector *connector = &aconnector->base; 7192 struct amdgpu_device *adev = drm_to_adev(connector->dev); 7193 struct dc_stream_state *stream; 7194 const struct drm_connector_state *drm_state = dm_state ? &dm_state->base : NULL; ^^^^^^^^ ^^^^^^^^^ This used check connector->state but then we changed it to dm_state instead 7195 int requested_bpc = drm_state ? drm_state->max_requested_bpc : 8; 7196 enum dc_status dc_result = DC_OK; 7197 7198 do { 7199 stream = create_stream_for_sink(connector, drm_mode, 7200 dm_state, old_stream, ^^^^^^^^ But dm_state is dereferenced on the next line without checking. (Presumably the NULL check can be removed). --> 7201 requested_bpc); 7202 if (stream == NULL) { 7203 DRM_ERROR("Failed to create stream for sink!\n"); 7204 break; 7205 } 7206 7207 if (aconnector->base.connector_type == DRM_MODE_CONNECTOR_WRITEBACK) Fixes: fa7041d9d2fc ("drm/amd/display: Fix ineffective setting of max bpc property") Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Cc: Tom Chung <chiahsuan.chung@xxxxxxx> Cc: Rodrigo Siqueira <Rodrigo.Siqueira@xxxxxxx> Cc: Roman Li <roman.li@xxxxxxx> Cc: Hersen Wu <hersenxs.wu@xxxxxxx> Cc: Alex Hung <alex.hung@xxxxxxx> Cc: Aurabindo Pillai <aurabindo.pillai@xxxxxxx> Cc: Harry Wentland <harry.wentland@xxxxxxx> Cc: Hamza Mahfooz <hamza.mahfooz@xxxxxxx> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@xxxxxxx> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index d1527c2e46a1..b7eaece455c8 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -7195,6 +7195,11 @@ create_validate_stream_for_sink(struct amdgpu_dm_connector *aconnector, int requested_bpc = drm_state ? drm_state->max_requested_bpc : 8; enum dc_status dc_result = DC_OK; + if (!dm_state) { + DRM_ERROR("dm_state is NULL!\n"); + return NULL; + } + do { stream = create_stream_for_sink(connector, drm_mode, dm_state, old_stream, -- 2.34.1