Hi,
On Wed, Apr 03, 2024 at 09:43:01AM +0800, Huai-Yuan Liu wrote:
>
> In malidp_mw_connector_reset, new memory is allocated with kzalloc, but
> no check is performed. In order to prevent null pointer dereferencing,
> ensure that mw_state is checked before calling
> __drm_atomic_helper_connector_reset.
Thanks for the patch, it does look like an oversight. Can I suggest you
respin your patch and add a
connector->state = NULL;
right after kfree(connector->state) ?
That way we can be sure we're not leaving state pointing to freed memory.
Best regards,
Liviu
>
> Fixes: 8cbc5caf36ef ("drm: mali-dp: Add writeback connector")
> Signed-off-by: Huai-Yuan Liu <qq810974084@xxxxxxxxx>
> ---
> drivers/gpu/drm/arm/malidp_mw.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/arm/malidp_mw.c b/drivers/gpu/drm/arm/malidp_mw.c
> index 626709bec6f5..25623ef9be80 100644
> --- a/drivers/gpu/drm/arm/malidp_mw.c
> +++ b/drivers/gpu/drm/arm/malidp_mw.c
> @@ -72,7 +72,9 @@ static void malidp_mw_connector_reset(struct drm_connector *connector)
> __drm_atomic_helper_connector_destroy_state(connector->state);
>
> kfree(connector->state);
> - __drm_atomic_helper_connector_reset(connector, &mw_state->base);
> +
> + if (mw_state)
> + __drm_atomic_helper_connector_reset(connector, &mw_state->base);
> }
>
> static enum drm_connector_status
> --
> 2.34.1
>
--
====================
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯
