Commit 6c148380 authored Apr 05, 2016 by Liu Ying Committed by Daniel Vetter Apr 14, 2016

drm/crtc_helper: Reset empty plane state in drm_helper_crtc_mode_set_base()



Transitional drivers might access the NULL pointer plane->state in
drm_helper_crtc_mode_set_base(), which causes NULL pointer dereference.
So, let's reset it before handing it over to those drivers.
commit e4f31ad2 ("drm: reset empty state in transitional helpers")
did the same thing for other transitional helpers, but it seems this one
was missed.

Signed-off-by: Liu Ying <gnuiyl@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1459846239-8946-1-git-send-email-gnuiyl@gmail.com

parent 1b311124

drivers/gpu/drm/drm_crtc_helper.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -1053,10 +1053,12 @@ int drm_helper_crtc_mode_set_base(struct drm_crtc *crtc, int x, int y,

		if (plane->funcs->atomic_duplicate_state)
		plane_state = plane->funcs->atomic_duplicate_state(plane);
		else if (plane->state)
		else {
		if (!plane->state)
		drm_atomic_helper_plane_reset(plane);

		plane_state = drm_atomic_helper_plane_duplicate_state(plane);
		else
		plane_state = kzalloc(sizeof(*plane_state), GFP_KERNEL);
		}
		if (!plane_state)
		return -ENOMEM;
		plane_state->plane = plane;

Admin message