Patch "video: fbdev: sis: fix null ptr dereference" has been added to the 5.9-stable tree

This is a note to let you know that I've just added the patch titled

    video: fbdev: sis: fix null ptr dereference

to the 5.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     video-fbdev-sis-fix-null-ptr-dereference.patch
and it can be found in the queue-5.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 40f0e848133d6a6a76b67dbd2335ce974ad7d620
Author: Tom Rix <trix@xxxxxxxxxx>
Date:   Wed Aug 5 07:52:08 2020 -0700

    video: fbdev: sis: fix null ptr dereference
    
    [ Upstream commit ad6f93e9cd56f0b10e9b22e3e137d17a1a035242 ]
    
    Clang static analysis reports this representative error
    
    init.c:2501:18: warning: Array access (from variable 'queuedata') results
      in a null pointer dereference
          templ |= ((queuedata[i] & 0xc0) << 3);
    
    This is the problem block of code
    
       if(ModeNo > 0x13) {
          ...
          if(SiS_Pr->ChipType == SIS_730) {
             queuedata = &FQBQData730[0];
          } else {
             queuedata = &FQBQData[0];
          }
       } else {
    
       }
    
    queuedata is not set in the else block
    
    Reviewing the old code, the arrays FQBQData730 and FQBQData were
    used directly.
    
    So hoist the setting of queuedata out of the if-else block.
    
    Fixes: 544393fe584d ("[PATCH] sisfb update")
    Signed-off-by: Tom Rix <trix@xxxxxxxxxx>
    Cc: Thomas Winischhofer <thomas@xxxxxxxxxxxxxxxx>
    Cc: Andrew Morton <akpm@xxxxxxxx>
    Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@xxxxxxxxxxx>
    Link: https://patchwork.freedesktop.org/patch/msgid/20200805145208.17727-1-trix@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/video/fbdev/sis/init.c b/drivers/video/fbdev/sis/init.c
index dfe3eb769638b..fde27feae5d0c 100644
--- a/drivers/video/fbdev/sis/init.c
+++ b/drivers/video/fbdev/sis/init.c
@@ -2428,6 +2428,11 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,
 
    i = 0;
 
+	if (SiS_Pr->ChipType == SIS_730)
+		queuedata = &FQBQData730[0];
+	else
+		queuedata = &FQBQData[0];
+
    if(ModeNo > 0x13) {
 
       /* Get VCLK  */
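Review bot: The hoisted assignment above `if(ModeNo > 0x13)` carries no comment saying why it has to sit outside the block, so a later cleanup could move it back in and reintroduce the NULL dereference the commit message describes for the else path (`templ |= ((queuedata[i] & 0xc0) << 3);`). A one-line comment such as "queuedata is used in both branches below" would protect it. Style-wise, the added lines use tabs and `if (` while the surrounding function uses three-space indentation and `if(`; that matches kernel coding style but makes the function inconsistent, and `&FQBQData730[0]` / `&FQBQData[0]` could be written as the bare array names.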
@@ -2445,12 +2450,6 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,
       /* Get half colordepth */
       colorth = colortharray[(SiS_Pr->SiS_ModeType - ModeEGA)];
 
-      if(SiS_Pr->ChipType == SIS_730) {
-	 queuedata = &FQBQData730[0];
-      } else {
-	 queuedata = &FQBQData[0];
-      }
-
       do {
 	 templ = SiS_CalcDelay2(SiS_Pr, queuedata[i]) * VCLK * colorth;
 
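Review bot: In the `do` loop that follows the removed block, `queuedata[i]` is indexed with no bound visible in this context. The change guarantees a non-NULL table, but it is worth confirming that the loop's exit condition keeps `i` inside both FQBQData and FQBQData730, because after the hoist either table can be selected on both the `ModeNo > 0x13` path and the else path. If the two tables differ in length, a note in the commit message stating that the index range was checked would close the question for reviewers of the stable backport.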


