on Sun, 27 Mar 2022 16:59:28 +0100, Emil Velikov wrote: > On Sun, 27 Mar 2022 at 08:39, Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx> wrote: > > > > The bug is here: > > return encoder; > > > > The list iterator value 'encoder' will *always* be set and non-NULL > > by drm_for_each_encoder_mask(), so it is incorrect to assume that the > > iterator value will be NULL if the list is empty or no element found. > > Otherwise it will bypass some NULL checks and lead to invalid memory > > access passing the check. > > > > To fix this bug, just return 'encoder' when found, otherwise return > > NULL. > > > > Isn't this covered by the upcoming list* iterator rework [1] or is > this another iterator glitch? Actually, it is a part of the upcoming work. > IMHO we should be looking at fixing the implementation and not the > hundreds of users through the kernel. > > HTH > -Emil > [1] https://lwn.net/Articles/887097/ Yes, you are right. This has also been taken into account by the upcoming list iterator rework to avoid a lot uesr' changes as much as possible. However, this patch is fixing a potential bug caused by incorrect use of list iterator outside the loop, which can not be fixed by the implementation itself. -- Xiaomeng Tong
