On Tue, Dec 05, 2017 at 11:46:28AM -0600, Gustavo A. R. Silva wrote:
> fb_helper is being dereferenced before it is null checked,
> hence there is a potential null pointer dereference.
>
> Fix this by moving the pointer dereference after fb_helper
> has been null checked.
>
> This issue was detected with the help of Coccinelle.
>
> Fixes: c777990fb45b ("drm/fb-helper: Handle function NULL argument")
> Signed-off-by: Gustavo A. R. Silva <garsilva@xxxxxxxxxxxxxx>
Oops. Applied to drm-misc-next, thanks for your patch.
-Daniel
> ---
> drivers/gpu/drm/drm_fb_helper.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 6654f2f..04a3a5c 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -178,7 +178,7 @@ EXPORT_SYMBOL(drm_fb_helper_add_one_connector);
> */
> int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
> {
> - struct drm_device *dev = fb_helper->dev;
> + struct drm_device *dev;
> struct drm_connector *connector;
> struct drm_connector_list_iter conn_iter;
> int i, ret = 0;
> @@ -186,6 +186,8 @@ int drm_fb_helper_single_add_all_connectors(struct drm_fb_helper *fb_helper)
> if (!drm_fbdev_emulation || !fb_helper)
> return 0;
>
> + dev = fb_helper->dev;
> +
> mutex_lock(&fb_helper->lock);
> drm_connector_list_iter_begin(dev, &conn_iter);
> drm_for_each_connector_iter(connector, &conn_iter) {
> --
> 2.7.4
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
