LinuxLists.cc - [PATCH] drm/gma500: fix potential NULL pointer dereference dereference

2017-08-12 01:55:21

Subject: [PATCH] drm/gma500: fix potential NULL pointer dereference dereference

NULL check at line 528: if (!sender || !data_out || !len_out) {, implies
that pointer _sender_ might be NULL.

Move pointer _sender_ dereference after NULL check in order to avoid a
potential NULL pointer dereference.

This issue was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
index 1616af2..c50534c 100644
--- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
+++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
@@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs)
{
unsigned long flags;
- struct drm_device *dev = sender->dev;
+ struct drm_device *dev;
int i;
u32 gen_data_reg;
int retry = MDFLD_DSI_READ_MAX_COUNT;
@@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
return -EINVAL;
}

+ dev = sender->dev;
+
/**
* do reading.
* 0) send out generic read request
--
2.5.0

2017-08-14 14:12:19

by Daniel Vetter

[permalink] [raw]

Subject: Re: [PATCH] drm/gma500: fix potential NULL pointer dereference dereference

On Fri, Aug 11, 2017 at 08:55:15PM -0500, Gustavo A. R. Silva wrote:
> NULL check at line 528: if (!sender || !data_out || !len_out) {, implies
> that pointer _sender_ might be NULL.
>
> Move pointer _sender_ dereference after NULL check in order to avoid a
> potential NULL pointer dereference.
>
> This issue was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <[email protected]>

Applied to drm-misc-next, thanks.
-Daniel

> ---
> drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
> index 1616af2..c50534c 100644
> --- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
> +++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
> @@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
> u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs)
> {
> unsigned long flags;
> - struct drm_device *dev = sender->dev;
> + struct drm_device *dev;
> int i;
> u32 gen_data_reg;
> int retry = MDFLD_DSI_READ_MAX_COUNT;
> @@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender *sender, u8 data_type,
> return -EINVAL;
> }
>
> + dev = sender->dev;
> +
> /**
> * do reading.
> * 0) send out generic read request
> --
> 2.5.0
>
> _______________________________________________
> dri-devel mailing list
> [email protected]
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch