Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp606048ybm; Wed, 22 May 2019 08:32:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqzL2b5d0FNAg7aUsCZ9gJhPU0LSpo6NXuv4ktRkLacg/d9Nns/mppgkihpLL/NygUNvQxIs X-Received: by 2002:a17:902:bc8a:: with SMTP id bb10mr34172166plb.310.1558539166387; Wed, 22 May 2019 08:32:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558539166; cv=none; d=google.com; s=arc-20160816; b=F7Bs/6INXHow78B/nDp5CB5/6TuTXfwXOFiZzT8Q8gffwvx/8FDd4VwD9js/0YGoR7 dHBhm0HvQbKEnuSD/nHkWkke9A9YlbYb4Uv3ndo2kymjVSc8VfHPnmbwON9YcoCnIbbY tnS3eFol/64fwm2pKOP4oexSVHC3kQZS3LrqowNZf4Nj2k4f081PXKafQzprAuPGZmT9 0GZ4D0M6uSyJZiTDt+vLdTa1OzmyLhvMQO7bg0LLj90pPkKm85tYooWqO47Bb0rn8iUt iqoYu8M9QVC8mcXcSkBHq6Blmg8QirnrrBAPv7EYTBJzXVH4kiW2Dr3AWyEzDb0Fvpuw 5WjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :organization:in-reply-to:subject:cc:to:from; bh=jTUOwOEQxsVZx/PoTriMBaMvINeUjxQmVCLRbtGk4Lc=; b=vmeY4Iujc98w4uCq63spCj0eBnE+3LM60ohvrCDdaVrYZ03YiQ4pKFk3Lnxv3wTprI MuuyDp9HwHoEUByGPHO6FOR+sDJHADzmNWSbjJWXu9/DE2zUenLI10z+OnOHhJuJQ258 GKBfmyK5IwaH3AMcyIpdNqdTsACYOLQ3fWyNAmaYYhQOaGVOR5DrKHea1dUn2aLpR9YR hhwLxoB0CCg29wghMSXxLVeEyQ9dSx5VIXyD0+AksfPX5gBpLoCtIsYt1akmvOX08VY5 lgCE/EosOkG7q+DrH+eBs+n+2MheIyxm/4gFJaKE2BpqQQA8T9Ei38A5kOXW77998MPj Q4Lg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g70si24566029pgc.588.2019.05.22.08.32.28; Wed, 22 May 2019 08:32:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729685AbfEVOwT (ORCPT + 99 others); Wed, 22 May 2019 10:52:19 -0400 Received: from mga09.intel.com ([134.134.136.24]:58335 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728450AbfEVOwT (ORCPT ); Wed, 22 May 2019 10:52:19 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 May 2019 07:52:18 -0700 X-ExtLoop1: 1 Received: from jnikula-mobl3.fi.intel.com (HELO localhost) ([10.237.66.150]) by fmsmga001.fm.intel.com with ESMTP; 22 May 2019 07:52:16 -0700 From: Jani Nikula To: Gen Zhang , sean@poorly.run Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Subject: Re: [PATCH] drm_edid-load: Fix a missing-check bug in drivers/gpu/drm/drm_edid_load.c In-Reply-To: <20190522123920.GB6772@zhanggen-UX430UQ> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo References: <20190522123920.GB6772@zhanggen-UX430UQ> Date: Wed, 22 May 2019 17:55:35 +0300 Message-ID: <87o93u7d3s.fsf@intel.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 22 May 2019, Gen Zhang wrote: > In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr > is dereferenced in the following codes. However, memory allocation > functions such as kstrdup() may fail and returns NULL. Dereferencing > this null pointer may cause the kernel go wrong. Thus we should check > this kstrdup() operation. > Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to > the caller site. strsep() handles the NULL pointer just fine, so there won't be a NULL dereference. However this patch seems like the right thing to do anyway. Reviewed-by: Jani Nikula > > Signed-off-by: Gen Zhang > > --- > diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c > index a491509..a0e107a 100644 > --- a/drivers/gpu/drm/drm_edid_load.c > +++ b/drivers/gpu/drm/drm_edid_load.c > @@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector) > * the last one found one as a fallback. > */ > fwstr = kstrdup(edid_firmware, GFP_KERNEL); > + if (!fwstr) > + return ERR_PTR(-ENOMEM); > edidstr = fwstr; > > while ((edidname = strsep(&edidstr, ","))) { > --- > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- Jani Nikula, Intel Open Source Graphics Center