projects / linux-block.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3c36423)
drm/tegra: Fix a possible null pointer dereference
authorQiu-ji Chen <chenqiuji666@gmail.com>
Wed, 6 Nov 2024 09:59:06 +0000 (17:59 +0800)
committerThierry Reding <treding@nvidia.com>
Wed, 7 May 2025 16:07:27 +0000 (18:07 +0200)
In tegra_crtc_reset(), new memory is allocated with kzalloc(), but
no check is performed. Before calling __drm_atomic_helper_crtc_reset,
state should be checked to prevent possible null pointer dereference.

Fixes: b7e0b04ae450 ("drm/tegra: Convert to using __drm_atomic_helper_crtc_reset() for reset.")
Cc: stable@vger.kernel.org
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20241106095906.15247-1-chenqiuji666@gmail.com
drivers/gpu/drm/tegra/dc.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index 56f12dbcee3e93ff5e4804e5fe9b23f160073ebf..59d5c1ba145a82f62c1835da574867084da98106 100644 (file)
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1393,7 +1393,10 @@ static void tegra_crtc_reset(struct drm_crtc *crtc)
        if (crtc->state)
                tegra_crtc_atomic_destroy_state(crtc, crtc->state);
 
-       __drm_atomic_helper_crtc_reset(crtc, &state->base);
+       if (state)
+               __drm_atomic_helper_crtc_reset(crtc, &state->base);
+       else
+               __drm_atomic_helper_crtc_reset(crtc, NULL);
 }
 
 static struct drm_crtc_state *
Linux 6.x block layer and io_uring tree(s)