2015-02-12 15:47:50

by Sudip Mukherjee

Subject: [PATCH] video: fbdev: fix possible null dereference

We were dereferencing edid first and the NULL check was after
accessing that. Now we are using edid only if we know that
it is not NULL.

Signed-off-by: Sudip Mukherjee <[email protected]>
---
drivers/video/fbdev/core/fbmon.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
index 9533859..868facd 100644
--- a/drivers/video/fbdev/core/fbmon.c
+++ b/drivers/video/fbdev/core/fbmon.c
@@ -624,9 +624,6 @@ static struct fb_videomode *fb_create_modedb(unsigned char *edid, int *dbsize,
int num = 0, i, first = 1;
int ver, rev;

- ver = edid[EDID_STRUCT_VERSION];
- rev = edid[EDID_STRUCT_REVISION];
-
mode = kzalloc(50 * sizeof(struct fb_videomode), GFP_KERNEL);
if (mode == NULL)
return NULL;
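
Review bot: after this removal, `int ver, rev;` at the top of fb_create_modedb stays uninitialized until the assignments added in the second hunk, so any code between the declaration and that point must not read them. Please confirm nothing between the kzalloc and the moved assignments uses ver or rev; the `if (mode == NULL) return NULL;` exit visible here does not. Since the commit message says the edid NULL check comes after this point, an alternative would be to test edid before `mode = kzalloc(...)`, which avoids allocating for an input that is then rejected.
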
@@ -637,6 +634,9 @@ static struct fb_videomode *fb_create_modedb(unsigned char *edid, int *dbsize,
return NULL;
}

+ ver = edid[EDID_STRUCT_VERSION];
+ rev = edid[EDID_STRUCT_REVISION];
+
*dbsize = 0;

DPRINTK(" Detailed Timings\n");
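
Review bot: the new `ver = edid[EDID_STRUCT_VERSION];` lands after the closing `}` of an early-return block whose condition is outside the hunk context, so the patch alone does not show that this block is the edid NULL check the changelog refers to. Please name that check in the commit message and say whether any caller can actually pass a NULL edid, since a reachable kernel NULL dereference and a static-checker warning call for different handling (for example a stable tag). The subject would also be more useful with the function name in it, such as "fix possible NULL dereference in fb_create_modedb".
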
--
1.8.1.2


2015-02-20 12:13:51

by Tomi Valkeinen

Subject: Re: [PATCH] video: fbdev: fix possible null dereference

On 12/02/15 17:47, Sudip Mukherjee wrote:
> We were dereferencing edid first and the NULL check was after
> accessing that. Now we are using edid only if we know that
> it is not NULL.
>
> Signed-off-by: Sudip Mukherjee <[email protected]>
> ---
> drivers/video/fbdev/core/fbmon.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
> index 9533859..868facd 100644
> --- a/drivers/video/fbdev/core/fbmon.c
> +++ b/drivers/video/fbdev/core/fbmon.c
> @@ -624,9 +624,6 @@ static struct fb_videomode *fb_create_modedb(unsigned char *edid, int *dbsize,
> int num = 0, i, first = 1;
> int ver, rev;
>
> - ver = edid[EDID_STRUCT_VERSION];
> - rev = edid[EDID_STRUCT_REVISION];
> -
> mode = kzalloc(50 * sizeof(struct fb_videomode), GFP_KERNEL);
> if (mode == NULL)
> return NULL;
> @@ -637,6 +634,9 @@ static struct fb_videomode *fb_create_modedb(unsigned char *edid, int *dbsize,
> return NULL;
> }
>
> + ver = edid[EDID_STRUCT_VERSION];
> + rev = edid[EDID_STRUCT_REVISION];
> +
> *dbsize = 0;
>
> DPRINTK(" Detailed Timings\n");
>

Thanks, queued for 3.20.

Tomi


