Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp767379ybi; Fri, 24 May 2019 11:06:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqwn7ohPdB/V/EeNI3H+A9Gl49yZkt6AlmzGeWKn61oEMaQTXIisN+dodHmpxuB0mBW/NpFS X-Received: by 2002:a63:d0e:: with SMTP id c14mr108810999pgl.345.1558721183923; Fri, 24 May 2019 11:06:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558721183; cv=none; d=google.com; s=arc-20160816; b=g1GI0ZcsFZt105mE9Zb8KJeQsqtXUyXUN8/4t+Wd3pYnvxw7CK7cxF3R006lUXkB5L aiTiIE+Bs2Im/3fX444Y1mp5yBAKmJu8TqDdeMFBLpmgja9wJ89QN9Og1xWBbHd5gyxb tH0HGw8xCh5JG1Tm6rHDg8bxWSDN7QBrHKyec0bGSBf7pq+PrWKQgYLbK4fViRus8YQX BhzWCgYPh+rLZi9zMOE3NqETxwjEQ+MONMsA0k0V/JG4Tz8NLF7UqP3BgnGHZegXdXVq 5eAGovrEkAL+kEuLsnyC6oa9btY4c3+mHVUKqh7bTvMYnxz8+yCN3GVXNMzQa1xP7NF/ KGlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :organization:in-reply-to:subject:cc:to:from; bh=6KNU2cvwwyMkf4+CPAXKF8lW/5TrEO6udVjYaLYFBKQ=; b=nmU3C7SA3V65KtAWzpA0775YzuCJeGoeCtUdR8griEBmb6W8doBuh7Y4LxPQ/fOIZ1 C4JNU3Slnn/W+EOfdf4JWZ3ROARyBmzCIX3977eeIzWfQS0kmEPz8lz8witXmVTYjG+/ ZIxaejwq7BO9y53cItKjV3ZDzosnVU13kkEixYCp2Z9Y/c9pTdfx96x4eyFkWyv62IBN U9dyTS5Tfg67W2X6zsa4xlg69REFV9bz5ba8aS8itRJ4rlSEIdn+jIVLsjdcudfwl1jS bHPqtmRn5GeYzkyuHWzukarWLX1UPDjJOrcOLzBRmfgGWkpY+owLmH+AmjCS3TlmP6T0 FRbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c8si4658433pjs.87.2019.05.24.11.06.08; Fri, 24 May 2019 11:06:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731990AbfEXSDE (ORCPT + 99 others); Fri, 24 May 2019 14:03:04 -0400 Received: from mga18.intel.com ([134.134.136.126]:55567 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726869AbfEXSDD (ORCPT ); Fri, 24 May 2019 14:03:03 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 May 2019 11:03:03 -0700 X-ExtLoop1: 1 Received: from unknown (HELO localhost) ([10.252.46.194]) by fmsmga001.fm.intel.com with ESMTP; 24 May 2019 11:03:01 -0700 From: Jani Nikula To: Gen Zhang , maarten.lankhorst@linux.intel.com, maxime.ripard@bootlin.com Cc: dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] drm_edid-load: Fix a missing-check bug in drm_load_edid_firmware() In-Reply-To: <20190524023222.GA5302@zhanggen-UX430UQ> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo References: <20190522123920.GB6772@zhanggen-UX430UQ> <87o93u7d3s.fsf@intel.com> <20190524023222.GA5302@zhanggen-UX430UQ> Date: Fri, 24 May 2019 21:02:59 +0300 Message-ID: <87pno7n31o.fsf@intel.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 24 May 2019, Gen Zhang wrote: > In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr > is dereferenced in the following codes. However, memory allocation > functions such as kstrdup() may fail and returns NULL. Dereferencing > this null pointer may cause the kernel go wrong. Thus we should check > this kstrdup() operation. > Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to > the caller site. > > Signed-off-by: Gen Zhang > Reviewed-by: Jani Nikula Pushed to drm-misc-next, thanks for the patch. BR, Jani. > --- > diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c > index a491509..a0e107a 100644 > --- a/drivers/gpu/drm/drm_edid_load.c > +++ b/drivers/gpu/drm/drm_edid_load.c > @@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector) > * the last one found one as a fallback. > */ > fwstr = kstrdup(edid_firmware, GFP_KERNEL); > + if (!fwstr) > + return ERR_PTR(-ENOMEM); > edidstr = fwstr; > > while ((edidname = strsep(&edidstr, ","))) { > --- -- Jani Nikula, Intel Open Source Graphics Center