Hi Christian,
Thank you very much for your reply. I'm a little confused here so I really
appreciate if you could clarify it more.
For example, I don't understand why the condition of function
`radeon_ttm_tt_to_gtt` returning NULL is the argument being an AGP ttm. Based on
its definition, it returns NULL when the argument is NULL or the backend methods
is not `radeon_backend_func`. Is there any correlation that I missed here?
Moreover, could you point out the check of such case before the offending code?
Meaning the check of whether `ttm` is an AGP ttm?
Best,
Shaobo
On 2019/3/19 3:16, Christian König wrote:
Hi Shaobo,
that question came up a couple of times now. And the answer is: No, there can't
be a NULL pointer dereference.
The function radeon_ttm_tt_to_gtt returns NULL only when it is an AGP ttm
structure, and that case is checked right before the offending code.
Unfortunately I don't see how an automated code checker should ever be able to
figure that out by itself.
Regards,
Christian.
Am 18.03.19 um 21:58 schrieb Shaobo He:
Hello everyone,
My name is Shaobo He and I am a graduate student at University of Utah. I am
using a static analysis tool to search for null pointer dereferences and came
across a potentially invalid memory access in the file
drivers/gpu/drm/radeon/radeon_ttm.c: in function `radeon_ttm_tt_populate`,
function `radeon_ttm_tt_to_gtt` can return a NULL pointer which is
dereferenced by the call to `drm_prime_sg_to_page_addr_arrays`.
Please let me know if it makes sense. I am looking forward to your reply.
Best,
Shaobo
_______________________________________________
amd-gfx mailing list
amd-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
_______________________________________________
amd-gfx mailing list
amd-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
