On Mon, Dec 04, 2017 at 03:54:18PM -0600, Gustavo A. R. Silva wrote:
> crtc_state is being null checked in a previous code block, which implies
> that such pointer might be null.
>
> crtc_state is dereferenced in drm_atomic_helper_check_plane_state, hence
> there is a potential null pointer dereference.
This is a false positive. drm_atomic_helper_check_plane_state() will not
dereference crtc_state when plane_state->crtc is NULL.
>
> Fix this by warning-on and returning -EINVAL in case crtc_state is null.
>
> Addresses-Coverity-ID: 1462412 ("Dereference after null check")
> Fixes: a01cb8ba3f62 ("drm: Move drm_plane_helper_check_state() into
> drm_atomic_helper.c")
> Signed-off-by: Gustavo A. R. Silva <garsi...@embeddedor.com>
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> index a2a93d7..72c3b290 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
> @@ -454,6 +454,9 @@ int vmw_du_primary_plane_atomic_check(struct drm_plane
> *plane,
> clip.y2 = crtc_state->adjusted_mode.vdisplay;
> }
>
> + if (WARN_ON(!crtc_state))
> + return -EINVAL;
This would in fact break the driver because it would flag an error
whenever the plane is disabled.
> +
> ret = drm_atomic_helper_check_plane_state(state, crtc_state, &clip,
> DRM_PLANE_HELPER_NO_SCALING,
> DRM_PLANE_HELPER_NO_SCALING,
> --
> 2.7.4
>
> _______________________________________________
> dri-devel mailing list
> dri-de...@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Ville Syrjälä
Intel OTC
