If the kmalloc() fails then we dereference "state" when we set "state->zpos". Fixes: 3dfeb631a15d ("drm/omap: Rework the rotation-on-crtc hack") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> diff --git a/drivers/gpu/drm/omapdrm/omap_crtc.c b/drivers/gpu/drm/omapdrm/omap_crtc.c index 400d0d2f6790..cc85c16cbc2a 100644 --- a/drivers/gpu/drm/omapdrm/omap_crtc.c +++ b/drivers/gpu/drm/omapdrm/omap_crtc.c @@ -589,8 +589,10 @@ omap_crtc_duplicate_state(struct drm_crtc *crtc) current_state = to_omap_crtc_state(crtc->state); state = kmalloc(sizeof(*state), GFP_KERNEL); - if (state) - __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base); + if (!state) + return NULL; + + __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base); state->zpos = current_state->zpos; state->rotation = current_state->rotation; -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html