drm/simple_kms_helper: Fix NULL pointer dereference with no active CRTC (4751cf73) · Commits · 戴 / test

It is possible that drm_simple_kms_plane_atomic_check called with no CRTC set, e.g. when user-space application sets CRTC_ID/FB_ID to 0 before doing any actual drawing. This leads to NULL pointer dereference because in this case new CRTC state is NULL and must be checked before accessing. Signed-off-by:

Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com> Reviewed-by:

Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by:

Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/1519279759-7803-1-git-send-email-andr2000@gmail.com

drivers/gpu/drm/drm_simple_kms_helper.c

+3 −7

Original line number	Diff line number	Diff line
		@@ -112,12 +112,6 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane,
		pipe = container_of(plane, struct drm_simple_display_pipe, plane);
		crtc_state = drm_atomic_get_new_crtc_state(plane_state->state,
		&pipe->crtc);
		if (!crtc_state->enable)
		return 0; /* nothing to check when disabling or disabled */

		if (crtc_state->enable)
		drm_mode_get_hv_timing(&crtc_state->mode,
		&clip.x2, &clip.y2);

		ret = drm_atomic_helper_check_plane_state(plane_state, crtc_state,
		&clip,
		@@ -128,7 +122,9 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane,
		return ret;

		if (!plane_state->visible)
		return -EINVAL;
		return 0;

		drm_mode_get_hv_timing(&crtc_state->mode, &clip.x2, &clip.y2);

		if (!pipe->funcs \|\| !pipe->funcs->check)
		return 0;

Admin message