Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756444AbcKVRcG (ORCPT <rfc822;w@1wt.eu>);
        Tue, 22 Nov 2016 12:32:06 -0500
Received: from mga14.intel.com ([192.55.52.115]:30588 "EHLO mga14.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752965AbcKVRcE (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Nov 2016 12:32:04 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,533,1473145200"; 
   d="scan'208";a="789562556"
Date: Tue, 22 Nov 2016 19:31:57 +0200
From: Ville =?iso-8859-1?Q?Syrj=E4l=E4?= <ville.syrjala@linux.intel.com>
To: Rob Clark <robdclark@gmail.com>
Cc: Liviu Dudau <Liviu.Dudau@arm.com>, Jani Nikula <jani.nikula@intel.com>,
        Daniel Vetter <daniel.vetter@ffwll.ch>,
        Eric Engestrom <eric@engestrom.ch>,
        LKML <linux-kernel@vger.kernel.org>,
        DRI devel <dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH] drm: check for NULL parameter in exported
 drm_get_format_name() function.
Message-ID: <20161122173157.GD31595@intel.com>
References: <20161122164106.31852-1-Liviu.Dudau@arm.com>
 <20161122165017.GC31595@intel.com>
 <CAF6AEGs=W8Me6T1qLiq2UEoWQg2+eYNRvw+5W11CXM7CAYBZKg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAF6AEGs=W8Me6T1qLiq2UEoWQg2+eYNRvw+5W11CXM7CAYBZKg@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2037
Lines: 63

On Tue, Nov 22, 2016 at 12:23:59PM -0500, Rob Clark wrote:
> On Tue, Nov 22, 2016 at 11:50 AM, Ville Syrj?l?
> <ville.syrjala@linux.intel.com> wrote:
> > On Tue, Nov 22, 2016 at 04:41:06PM +0000, Liviu Dudau wrote:
> >> drm_get_format_name() de-references the buf parameter without checking
> >> if the pointer was not NULL. Given that the function is EXPORT-ed, lets
> >> sanitise the parameters before proceeding.
> >>
> >> Fixes: b3c11ac267d461d3d5 ("drm: move allocation out of drm_get_format_name())
> >> Cc: Eric Engestrom <eric@engestrom.ch>
> >> Cc: Rob Clark <robdclark@gmail.com>
> >> Cc: Jani Nikula <jani.nikula@intel.com>
> >> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> >>
> >> Signed-off-by: Liviu Dudau <Liviu.Dudau@arm.com>
> >> ---
> >>  drivers/gpu/drm/drm_fourcc.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/gpu/drm/drm_fourcc.c b/drivers/gpu/drm/drm_fourcc.c
> >> index 90d2cc8..0a3ff0b 100644
> >> --- a/drivers/gpu/drm/drm_fourcc.c
> >> +++ b/drivers/gpu/drm/drm_fourcc.c
> >> @@ -85,6 +85,9 @@ EXPORT_SYMBOL(drm_mode_legacy_fb_format);
> >>   */
> >>  const char *drm_get_format_name(uint32_t format, struct drm_format_name_buf *buf)
> >>  {
> >> +     if (!buf)
> >> +             return NULL;
> >> +
> >
> > Seems rather pointless to me. Why would you ever pass NULL to this guy?
> 
> perhaps BUG_ON(!buf)...

And how does that differ from just buf->foo?

> 
> BR,
> -R
> 
> >>       snprintf(buf->str, sizeof(buf->str),
> >>                "%c%c%c%c %s-endian (0x%08x)",
> >>                printable_char(format & 0xff),
> >> --
> >> 2.10.2
> >>
> >> _______________________________________________
> >> dri-devel mailing list
> >> dri-devel@lists.freedesktop.org
> >> https://lists.freedesktop.org/mailman/listinfo/dri-devel
> >
> > --
> > Ville Syrj?l?
> > Intel OTC
> > _______________________________________________
> > dri-devel mailing list
> > dri-devel@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Ville Syrj?l?
Intel OTC