From 4ffb8deeed58b75dd1a23580845233b6ce0dca6c Mon Sep 17 00:00:00 2001 From: Joe Moriarty Date: Tue, 20 Feb 2018 14:11:56 -0500 Subject: [PATCH] drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem The Parfait (version 2.1.0) static code analysis tool found the following NULL pointer derefernce problem. - drivers/gpu/drm/drm_vblank.c Null pointer checks were added to return values from calls to drm_crtc_from_index(). There is a possibility, however minute, that crtc->index may not be found when trying to find the struct crtc from it's assigned index given in drm_crtc_init_with_planes(). 3 return checks for NULL where added with a call to WARN_ON(!crtc). Signed-off-by: Joe Moriarty Reviewed-by: Steven Sistare Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180220191157.100960-2-joe.moriarty@oracle.com --- drivers/gpu/drm/drm_vblank.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/drm_vblank.c b/drivers/gpu/drm/drm_vblank.c index 32d9bcf5be7f..03b431eb47ae 100644 --- a/drivers/gpu/drm/drm_vblank.c +++ b/drivers/gpu/drm/drm_vblank.c @@ -120,6 +120,9 @@ static u32 __get_vblank_counter(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe); + if (WARN_ON(!crtc)) + return 0; + if (crtc->funcs->get_vblank_counter) return crtc->funcs->get_vblank_counter(crtc); } @@ -318,6 +321,9 @@ static void __disable_vblank(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe); + if (WARN_ON(!crtc)) + return; + if (crtc->funcs->disable_vblank) { crtc->funcs->disable_vblank(crtc); return; @@ -918,6 +924,9 @@ static int __enable_vblank(struct drm_device *dev, unsigned int pipe) if (drm_core_check_feature(dev, DRIVER_MODESET)) { struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe); + if (WARN_ON(!crtc)) + return 0; + if (crtc->funcs->enable_vblank) return crtc->funcs->enable_vblank(crtc); }