From: Ma Ke <make24@xxxxxxxxxxx> commit 6d411c8ccc0137a612e0044489030a194ff5c843 upstream. In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode(). Add a check to avoid null pointer dereference. Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Ma Ke <make24@xxxxxxxxxxx> Signed-off-by: Lyude Paul <lyude@xxxxxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/20240625081029.2619437-1-make24@xxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c @@ -260,6 +260,8 @@ static int nv17_tv_get_hd_modes(struct d if (modes[i].hdisplay == output_mode->hdisplay && modes[i].vdisplay == output_mode->vdisplay) { mode = drm_mode_duplicate(encoder->dev, output_mode); + if (!mode) + continue; mode->type |= DRM_MODE_TYPE_PREFERRED; } else { @@ -267,6 +269,8 @@ static int nv17_tv_get_hd_modes(struct d modes[i].vdisplay, 60, false, (output_mode->flags & DRM_MODE_FLAG_INTERLACE), false); + if (!mode) + continue; } /* CVT modes are sometimes unsuitable... */ Patches currently in stable-queue which might be from make24@xxxxxxxxxxx are queue-6.9/net-mana-fix-possible-double-free-in-error-handling-.patch queue-6.9/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-nv17_tv_get_ld_modes.patch queue-6.9/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-nv17_tv_get_hd_modes.patch