gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_pro...

[ Upstream commit f3eb9b8f67bc28783eddc142ad805ebdc53d6339 ]

In radeon_connector_set_property(), there is an if statement on line 743
to check whether connector->encoder is NULL:
    if (connector->encoder)

When connector->encoder is NULL, it is used on line 755:
    if (connector->encoder->crtc)

Thus, a possible null-pointer dereference may occur.

To fix this bug, connector->encoder is checked before being used.

This bug is found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
index c5e1aa5f1d8ea89789054bddd7b5c28f1d607c5f..efa875120071a094e6d366e2e8973ae7346ac578 100644 (file)
--- a/drivers/gpu/drm/radeon/radeon_connectors.c
+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -764,7 +764,7 @@ static int radeon_connector_set_property(struct drm_connector *connector, struct
 
                radeon_encoder->output_csc = val;
 
-               if (connector->encoder->crtc) {
+               if (connector->encoder && connector->encoder->crtc) {
                        struct drm_crtc *crtc  = connector->encoder->crtc;
                        const struct drm_crtc_helper_funcs *crtc_funcs = crtc->helper_private;
                        struct radeon_crtc *radeon_crtc = to_radeon_crtc(crtc);