Re: [PATCH] tvnv17.c: Adding a NULL pointer check.

Alexey Khoroshilov <khoroshilov@xxxxxxxxx> · Fri, 5 Jan 2024 21:33:07 +0700

> Subject: tvnv17.c: Adding a NULL pointer check.

As

$ git log --oneline drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
874ee2d67fc9 drm/nouveau: Remove unnecessary include statements for
drm_crtc_helper.h
80ed86d4b6d7 drm/connector: Rename drm_mode_create_tv_properties
1fd4a5a36f9f drm/connector: Rename legacy TV property
09838c4efe9a drm/nouveau/kms: Search for encoders' connectors properly
2574c809d7c0 drm/nouveau/kms/nv04-nv4x: Use match_string() helper to
simplify the code
...

shows, a better prefix should be
drm/nouveau:
and there should not be a dot at the end.

e.g.
drm/nouveau: Avoid NPE in nv17_tv_get_XX_modes()

On 16.11.2023 09:51, Andrey Shumilin wrote:
> It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL.

I would suggest to add a little bit more details:

drm_mode_duplicate() may return NULL in case of error, e.g. if memory
allocation fails. It leads to NULL pointer dereference in
nv17_tv_get_ld_modes() and nv17_tv_get_hd_modes(), since they do not
check if drm_mode_duplicate() succeeds.

Otherwise, looks good.

Reviewed-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>

> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Andrey Shumilin <shum.sdl@xxxxxxxx>
> ---
>  drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> index 670c9739e5e1..1f0c5f4a5fd2 100644
> --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder,
>  		struct drm_display_mode *mode;
>  
>  		mode = drm_mode_duplicate(encoder->dev, tv_mode);
> -
> +		if (mode == NULL)
> +			continue;
>  		mode->clock = tv_norm->tv_enc_mode.vrefresh *
>  			mode->htotal / 1000 *
>  			mode->vtotal / 1000;
> @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder,
>  		if (modes[i].hdisplay == output_mode->hdisplay &&
>  		    modes[i].vdisplay == output_mode->vdisplay) {
>  			mode = drm_mode_duplicate(encoder->dev, output_mode);
> +			if (mode == NULL)
> +				continue;
>  			mode->type |= DRM_MODE_TYPE_PREFERRED;
>  
>  		} else {
> 