From: Joe Moriarty Date: Tue, 20 Feb 2018 14:11:56 -0500 Subject: drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem Git-commit: 4ffb8deeed58b75dd1a23580845233b6ce0dca6c Patch-mainline: v4.17-rc1 References: FATE#326289 FATE#326079 FATE#326049 FATE#322398 FATE#326166 The Parfait (version 2.1.0) static code analysis tool found the following NULL pointer derefernce problem. - drivers/gpu/drm/drm_vblank.c Null pointer checks were added to return values from calls to drm_crtc_from_index(). There is a possibility, however minute, that crtc->index may not be found when trying to find the struct crtc from it's assigned index given in drm_crtc_init_with_planes(). 3 return checks for NULL where added with a call to WARN_ON(!crtc). Signed-off-by: Joe Moriarty Reviewed-by: Steven Sistare Signed-off-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20180220191157.100960-2-joe.moriarty@oracle.com Acked-by: Petr Tesarik
---
 drivers/gpu/drm/drm_vblank.c | 9 +++++++++
 1 file changed, 9 insertions(+)
--- a/drivers/gpu/drm/drm_vblank.c
+++ b/drivers/gpu/drm/drm_vblank.c
@@ -120,6 +120,9 @@ static u32 __get_vblank_counter(struct d
 if (drm_core_check_feature(dev, DRIVER_MODESET)) {
 struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);

+ if (WARN_ON(!crtc))
+ return 0;
+
 if (crtc->funcs->get_vblank_counter)
 return crtc->funcs->get_vblank_counter(crtc);
 }
@@ -318,6 +321,9 @@ static void __disable_vblank(struct drm_
 if (drm_core_check_feature(dev, DRIVER_MODESET)) {
 struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);

+ if (WARN_ON(!crtc))
+ return;
+
 if (crtc->funcs->disable_vblank) {
 crtc->funcs->disable_vblank(crtc);
 return;
@@ -919,6 +925,9 @@ static int __enable_vblank(struct drm_de
 if (drm_core_check_feature(dev, DRIVER_MODESET)) {
 struct drm_crtc *crtc = drm_crtc_from_index(dev, pipe);

+ if (WARN_ON(!crtc))
+ return 0;
+
 if (crtc->funcs->enable_vblank)
 return crtc->funcs->enable_vblank(crtc);
 }
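Review bot: The guard added in `__get_vblank_counter` uses `WARN_ON(!crtc)`, which emits a full backtrace on every hit; the same applies to the guards in `__disable_vblank` and `__enable_vblank`. If a pipe ever has no CRTC, these helpers could fire repeatedly and flood the kernel log, and on systems running with panic_on_warn the first hit becomes a panic. `if (WARN_ON_ONCE(!crtc))` keeps the diagnostic while bounding the noise. All three function bodies start and end outside their hunks, so whether `pipe` can be influenced from userspace is not visible here and should be checked at the callers.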
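Review bot: In `__enable_vblank` the new guard ends in `return 0;`, and because the neighbouring line returns the result of `crtc->funcs->enable_vblank(crtc)` directly, 0 presumably reads as success to the caller. The caller would then treat vblank interrupts as enabled for a pipe that has no CRTC and may wait for an event that never arrives. Returning an error instead, e.g. `return -EINVAL;`, would let the caller fail cleanly. The rest of the function lies outside the hunk, so confirm how callers handle a negative return before changing it.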