On Fri, 14 Feb 2014 16:35:54 +0100 Daniel Vetter <daniel.vetter@xxxxxxxx> wrote: > Looks like I've missed one of the potential NULL deref bugs in Jesse's > fbdev->fb embedded struct to pointer conversions. Fix it up. > > This regression has been introduced in > > commit 8bcd45534ddf68ab71aeed709dacd9cf65dc0f75 > Author: Jesse Barnes <jbarnes@xxxxxxxxxxxxxxxx> > Date: Fri Feb 7 12:10:38 2014 -0800 > > drm/i915: alloc intel_fb in the intel_fbdev struct > > Cc: Jesse Barnes <jbarnes@xxxxxxxxxxxxxxxx> > Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx> > --- > drivers/gpu/drm/i915/intel_display.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c > index 0d3f2a5f4d2d..f19e6ea36dc4 100644 > --- a/drivers/gpu/drm/i915/intel_display.c > +++ b/drivers/gpu/drm/i915/intel_display.c > @@ -7754,13 +7754,15 @@ mode_fits_in_fbdev(struct drm_device *dev, > struct drm_i915_gem_object *obj; > struct drm_framebuffer *fb; > > - if (dev_priv->fbdev == NULL) > + if (!dev_priv->fbdev) > return NULL; > > - obj = dev_priv->fbdev->fb->obj; > - if (obj == NULL) > + if (!dev_priv->fbdev->fb) > return NULL; > > + obj = dev_priv->fbdev->fb->obj; > + BUG_ON(!obj); > + > fb = &dev_priv->fbdev->fb->base; > if (fb->pitches[0] < intel_framebuffer_pitch_for_width(mode->hdisplay, > fb->bits_per_pixel)) ah yep, good catch. Reviewed-by: Jesse Barnes <jbarnes@xxxxxxxxxxxxxxxx> -- Jesse Barnes, Intel Open Source Technology Center _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
