From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 11 Aug 2017 23:16:06 +0300
Subject: drm/omap: Potential NULL deref in omap_crtc_duplicate_state()
Git-commit: 2419672f4c96ca678a95d0f733f44d3ee036b5c8
Patch-mainline: v4.14-rc1
References: FATE#326289 FATE#326079 FATE#326049 FATE#322398 FATE#326166
If the kmalloc() fails then we dereference "state" when we set
"state->zpos".
Fixes: 3dfeb631a15d ("drm/omap: Rework the rotation-on-crtc hack")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
drivers/gpu/drm/omapdrm/omap_crtc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/omapdrm/omap_crtc.c
+++ b/drivers/gpu/drm/omapdrm/omap_crtc.c
@@ -589,8 +589,10 @@ omap_crtc_duplicate_state(struct drm_crt
current_state = to_omap_crtc_state(crtc->state);
state = kmalloc(sizeof(*state), GFP_KERNEL);
- if (state)
- __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
+ if (!state)
+ return NULL;
+
+ __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
state->zpos = current_state->zpos;
state->rotation = current_state->rotation;