If kmalloc() returned NULL we would end up dereferencing "state" a
couple lines later.
Signed-off-by: Dan Carpenter <[email protected]>
diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
index 8df0aaf..867069b 100644
--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
@@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
return NULL;
state = kmalloc(sizeof(*state), GFP_KERNEL);
- if (state)
- __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
+ if (!state)
+ return NULL;
+ __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
state->output_mode = cur->output_mode;
On Mon, 25 Apr 2016 12:04:54 +0300
Dan Carpenter <[email protected]> wrote:
> If kmalloc() returned NULL we would end up dereferencing "state" a
> couple lines later.
>
> Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Boris Brezillon <[email protected]>
Thanks,
Boris
>
> diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> index 8df0aaf..867069b 100644
> --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> @@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
> return NULL;
>
> state = kmalloc(sizeof(*state), GFP_KERNEL);
> - if (state)
> - __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
> + if (!state)
> + return NULL;
> + __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
>
> cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
> state->output_mode = cur->output_mode;
--
Boris Brezillon, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
On Mon, Apr 25, 2016 at 12:04:54PM +0300, Dan Carpenter wrote:
> If kmalloc() returned NULL we would end up dereferencing "state" a
> couple lines later.
>
> Signed-off-by: Dan Carpenter <[email protected]>
Reviewed-by: Eric Engestrom <[email protected]>
Hi Daniel,
On Mon, 25 Apr 2016 12:04:54 +0300
Dan Carpenter <[email protected]> wrote:
> If kmalloc() returned NULL we would end up dereferencing "state" a
> couple lines later.
Can you take this patch in drm-misc, or should I send a PR?
Regards,
Boris
>
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> index 8df0aaf..867069b 100644
> --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> @@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
> return NULL;
>
> state = kmalloc(sizeof(*state), GFP_KERNEL);
> - if (state)
> - __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
> + if (!state)
> + return NULL;
> + __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
>
> cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
> state->output_mode = cur->output_mode;
--
Boris Brezillon, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com