projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4161f20)
drm/omap: Potential NULL deref in omap_crtc_duplicate_state()
authorDan Carpenter <dan.carpenter@oracle.com>
Fri, 11 Aug 2017 20:16:06 +0000 (23:16 +0300)
committerTomi Valkeinen <tomi.valkeinen@ti.com>
Wed, 16 Aug 2017 13:21:18 +0000 (16:21 +0300)
If the kmalloc() fails then we dereference "state" when we set
"state->zpos".

Fixes: 3dfeb631a15d ("drm/omap: Rework the rotation-on-crtc hack")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
drivers/gpu/drm/omapdrm/omap_crtc.c patch | blob | history

diff --git a/drivers/gpu/drm/omapdrm/omap_crtc.c b/drivers/gpu/drm/omapdrm/omap_crtc.c
index 400d0d2..cc85c16 100644 (file)
--- a/drivers/gpu/drm/omapdrm/omap_crtc.c
+++ b/drivers/gpu/drm/omapdrm/omap_crtc.c
@@ -589,8 +589,10 @@ omap_crtc_duplicate_state(struct drm_crtc *crtc)
        current_state = to_omap_crtc_state(crtc->state);
 
        state = kmalloc(sizeof(*state), GFP_KERNEL);
-       if (state)
-               __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
+       if (!state)
+               return NULL;
+
+       __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
 
        state->zpos = current_state->zpos;
        state->rotation = current_state->rotation;
Domain: System / Kernel;