On Wed, 23 Nov 2016, Liviu Dudau <Liviu.Dudau@xxxxxxx> wrote:
> drm_get_format_name() de-references the buf parameter without checking
> if the pointer was not NULL. Given that the function is EXPORT-ed, lets
> sanitise the parameters before proceeding.
>
> v2: Use BUG_ON() to annoy users that did not pass valid parameters to function.
>
> Fixes: b3c11ac267d461d3d5 ("drm: move allocation out of drm_get_format_name())
> Cc: Eric Engestrom <eric@xxxxxxxxxxxx>
> Cc: Rob Clark <robdclark@xxxxxxxxx>
> Cc: Jani Nikula <jani.nikula@xxxxxxxxx>
> Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
>
> Signed-off-by: Liviu Dudau <Liviu.Dudau@xxxxxxx>
> ---
> I still think sanity checking the parameters of an exported function is worth
> doing, even if the way one triggers the NULL pointer crash is priviledged. Not
> a big fan of the verbosity of BUG_ON() and would rather silently reject NULL buf
> pointer, but that is a matter of taste.
There really is no meaningful difference between doing BUG_ON(!bug)
vs. just letting buf->str oops. The kernel is full of functions that
expect sensible pointers, and I don't see why this one in particular
should be so special to warrant a BUG_ON().
BR,
Jani.
>
>
> drivers/gpu/drm/drm_fourcc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_fourcc.c b/drivers/gpu/drm/drm_fourcc.c
> index 90d2cc8..6d80239 100644
> --- a/drivers/gpu/drm/drm_fourcc.c
> +++ b/drivers/gpu/drm/drm_fourcc.c
> @@ -85,6 +85,8 @@ EXPORT_SYMBOL(drm_mode_legacy_fb_format);
> */
> const char *drm_get_format_name(uint32_t format, struct drm_format_name_buf *buf)
> {
> + BUG_ON(!buf);
> +
> snprintf(buf->str, sizeof(buf->str),
> "%c%c%c%c %s-endian (0x%08x)",
> printable_char(format & 0xff),
--
Jani Nikula, Intel Open Source Technology Center
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
