* [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-19 6:20 ` estherbdf
0 siblings, 0 replies; 7+ messages in thread
From: estherbdf @ 2020-10-19 6:20 UTC (permalink / raw)
To: daniel; +Cc: estherbdf, dri-devel, amd-gfx, linux-kernel
[Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
[How] Initialized variable explicitly with NULL and add sanitizer.
Signed-off-by: estherbdf <603571786@qq.com>
---
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
index 008d4d1..94c6cca 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
@@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
struct graphics_object_id *src_object_id)
{
uint32_t number;
- uint16_t *id;
+ uint16_t *id = NULL;
ATOM_OBJECT *object;
struct bios_parser *bp = BP_FROM_DCB(dcb);
@@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
number = get_src_obj_list(bp, object, &id);
- if (number <= index)
+ if (number <= index || !id)
return BP_RESULT_BADINPUT;
*src_object_id = object_id_from_bios_object_id(id[index]);
--
1.9.1
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-19 6:20 ` estherbdf
0 siblings, 0 replies; 7+ messages in thread
From: estherbdf @ 2020-10-19 6:20 UTC (permalink / raw)
To: daniel; +Cc: estherbdf, dri-devel, amd-gfx, linux-kernel
[Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
[How] Initialized variable explicitly with NULL and add sanitizer.
Signed-off-by: estherbdf <603571786@qq.com>
---
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
index 008d4d1..94c6cca 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
@@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
struct graphics_object_id *src_object_id)
{
uint32_t number;
- uint16_t *id;
+ uint16_t *id = NULL;
ATOM_OBJECT *object;
struct bios_parser *bp = BP_FROM_DCB(dcb);
@@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
number = get_src_obj_list(bp, object, &id);
- if (number <= index)
+ if (number <= index || !id)
return BP_RESULT_BADINPUT;
*src_object_id = object_id_from_bios_object_id(id[index]);
--
1.9.1
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
2020-10-19 6:20 ` estherbdf
(?)
@ 2020-10-22 5:02 ` Alex Deucher
-1 siblings, 0 replies; 7+ messages in thread
From: Alex Deucher @ 2020-10-22 5:02 UTC (permalink / raw)
To: estherbdf; +Cc: Daniel Vetter, Maling list - DRI developers, amd-gfx list, LKML
On Mon, Oct 19, 2020 at 8:38 AM estherbdf <603571786@qq.com> wrote:
>
> [Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
> the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
> [How] Initialized variable explicitly with NULL and add sanitizer.
I think the current code is safe as is. get_src_obj_list() will
return 0 if *id_list is NULL and bios_parser_get_src_obj() checks if
number <= index.
Alex
>
> Signed-off-by: estherbdf <603571786@qq.com>
> ---
> drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> index 008d4d1..94c6cca 100644
> --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> @@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
> struct graphics_object_id *src_object_id)
> {
> uint32_t number;
> - uint16_t *id;
> + uint16_t *id = NULL;
> ATOM_OBJECT *object;
> struct bios_parser *bp = BP_FROM_DCB(dcb);
>
> @@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
>
> number = get_src_obj_list(bp, object, &id);
>
> - if (number <= index)
> + if (number <= index || !id)
> return BP_RESULT_BADINPUT;
>
> *src_object_id = object_id_from_bios_object_id(id[index]);
> --
> 1.9.1
>
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-22 5:02 ` Alex Deucher
0 siblings, 0 replies; 7+ messages in thread
From: Alex Deucher @ 2020-10-22 5:02 UTC (permalink / raw)
To: estherbdf; +Cc: amd-gfx list, Maling list - DRI developers, LKML
On Mon, Oct 19, 2020 at 8:38 AM estherbdf <603571786@qq.com> wrote:
>
> [Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
> the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
> [How] Initialized variable explicitly with NULL and add sanitizer.
I think the current code is safe as is. get_src_obj_list() will
return 0 if *id_list is NULL and bios_parser_get_src_obj() checks if
number <= index.
Alex
>
> Signed-off-by: estherbdf <603571786@qq.com>
> ---
> drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> index 008d4d1..94c6cca 100644
> --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> @@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
> struct graphics_object_id *src_object_id)
> {
> uint32_t number;
> - uint16_t *id;
> + uint16_t *id = NULL;
> ATOM_OBJECT *object;
> struct bios_parser *bp = BP_FROM_DCB(dcb);
>
> @@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
>
> number = get_src_obj_list(bp, object, &id);
>
> - if (number <= index)
> + if (number <= index || !id)
> return BP_RESULT_BADINPUT;
>
> *src_object_id = object_id_from_bios_object_id(id[index]);
> --
> 1.9.1
>
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-22 5:02 ` Alex Deucher
0 siblings, 0 replies; 7+ messages in thread
From: Alex Deucher @ 2020-10-22 5:02 UTC (permalink / raw)
To: estherbdf; +Cc: amd-gfx list, Maling list - DRI developers, Daniel Vetter, LKML
On Mon, Oct 19, 2020 at 8:38 AM estherbdf <603571786@qq.com> wrote:
>
> [Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
> the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
> [How] Initialized variable explicitly with NULL and add sanitizer.
I think the current code is safe as is. get_src_obj_list() will
return 0 if *id_list is NULL and bios_parser_get_src_obj() checks if
number <= index.
Alex
>
> Signed-off-by: estherbdf <603571786@qq.com>
> ---
> drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> index 008d4d1..94c6cca 100644
> --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> @@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
> struct graphics_object_id *src_object_id)
> {
> uint32_t number;
> - uint16_t *id;
> + uint16_t *id = NULL;
> ATOM_OBJECT *object;
> struct bios_parser *bp = BP_FROM_DCB(dcb);
>
> @@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
>
> number = get_src_obj_list(bp, object, &id);
>
> - if (number <= index)
> + if (number <= index || !id)
> return BP_RESULT_BADINPUT;
>
> *src_object_id = object_id_from_bios_object_id(id[index]);
> --
> 1.9.1
>
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-19 10:10 Defang Bo
0 siblings, 0 replies; 7+ messages in thread
From: Defang Bo @ 2020-10-19 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: estherbdf
From: estherbdf <603571786@qq.com>
[Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
[How] Initialized variable explicitly with NULL and add sanitizer.
Signed-off-by: estherbdf <603571786@qq.com>
---
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
index 008d4d1..94c6cca 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
@@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
struct graphics_object_id *src_object_id)
{
uint32_t number;
- uint16_t *id;
+ uint16_t *id = NULL;
ATOM_OBJECT *object;
struct bios_parser *bp = BP_FROM_DCB(dcb);
@@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
number = get_src_obj_list(bp, object, &id);
- if (number <= index)
+ if (number <= index || !id)
return BP_RESULT_BADINPUT;
*src_object_id = object_id_from_bios_object_id(id[index]);
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
@ 2020-10-19 9:17 薄德芳
0 siblings, 0 replies; 7+ messages in thread
From: 薄德芳 @ 2020-10-19 9:17 UTC (permalink / raw)
To: linux-kernel
[Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
[How] Initialized variable explicitly with NULL and add sanitizer.
Signed-off-by: estherbdf <603571786@qq.com>
---
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
index 008d4d1..94c6cca 100644
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
@@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
struct graphics_object_id *src_object_id)
{
uint32_t number;
- uint16_t *id;
+ uint16_t *id = NULL;
ATOM_OBJECT *object;
struct bios_parser *bp = BP_FROM_DCB(dcb);
@@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
number = get_src_obj_list(bp, object, &id);
- if (number <= index)
+ if (number <= index || !id)
return BP_RESULT_BADINPUT;
*src_object_id = object_id_from_bios_object_id(id[index]);
--
1.9.1
</a8f976473196>
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-10-22 5:02 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-19 6:20 [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj() estherbdf
2020-10-19 6:20 ` estherbdf
2020-10-22 5:02 ` Alex Deucher
2020-10-22 5:02 ` Alex Deucher
2020-10-22 5:02 ` Alex Deucher
2020-10-19 9:17 薄德芳
2020-10-19 10:10 Defang Bo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.