On Sun, Apr 07, 2024 at 02:30:53PM +0800, Huai-Yuan Liu wrote: > In malidp_mw_connector_reset, new memory is allocated with kzalloc, but > no check is performed. In order to prevent null pointer dereferencing, > ensure that mw_state is checked before calling > __drm_atomic_helper_connector_reset. > > Fixes: 8cbc5caf36ef ("drm: mali-dp: Add writeback connector") > Signed-off-by: Huai-Yuan Liu <qq810974084@xxxxxxxxx> Reviewed-by: Liviu Dudau <liviu.dudau@xxxxxxx> Thanks for the patch. I will pull it into drm-misc-fixes before the end of the week. Best regards, Liviu > --- > V2: > * In patch V2, we additionally set connector->state to NULL. In this way > we can ensure that there is no state pointing to freed memory. > Thanks to Liviu Dudau for helpful suggestion. > --- > drivers/gpu/drm/arm/malidp_mw.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/arm/malidp_mw.c b/drivers/gpu/drm/arm/malidp_mw.c > index 626709bec6f5..2577f0cef8fc 100644 > --- a/drivers/gpu/drm/arm/malidp_mw.c > +++ b/drivers/gpu/drm/arm/malidp_mw.c > @@ -72,7 +72,10 @@ static void malidp_mw_connector_reset(struct drm_connector *connector) > __drm_atomic_helper_connector_destroy_state(connector->state); > > kfree(connector->state); > - __drm_atomic_helper_connector_reset(connector, &mw_state->base); > + connector->state = NULL; > + > + if (mw_state) > + __drm_atomic_helper_connector_reset(connector, &mw_state->base); > } > > static enum drm_connector_status > -- > 2.34.1 > -- ==================== | I would like to | | fix the world, | | but they're not | | giving me the | \ source code! / --------------- ¯\_(ツ)_/¯
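Review bot: At the new `if (mw_state)` check at the end of malidp_mw_connector_reset, an allocation failure is handled silently. The function is `static void`, so the caller gets no error, and after `connector->state = NULL;` the connector is left with no state at all. Clearing the pointer right after `kfree(connector->state);` does remove the dangling reference, but it moves the NULL to whichever code reads connector->state after reset. I would add a short comment above the check stating that a NULL connector->state is the intended result when the allocation described in the commit message fails, and confirm that the paths reading connector->state after a reset tolerate NULL.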