lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 17:28:07 +0800 From: Tuo Li <islituo@...il.com> To: alexander.deucher@....com, christian.koenig@....com, Xinhui.Pan@....com, airlied@...ux.ie, daniel@...ll.ch, evan.quan@....com, luben.tuikov@....com, tzimmermann@...e.de, lee.jones@...aro.org, mh12gx2825@...il.com, sakari.ailus@...ux.intel.com, zhangqilong3@...wei.com, pmladek@...e.com Cc: amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org, Linux Kernel <linux-kernel@...r.kernel.org>, "baijiaju1990@...il.com" <baijiaju1990@...il.com> Subject: [BUG] drm/amdgpu: possible null-pointer dereference in dce_vXX_0_afmt_setmode() Hello, Our static analysis tool finds some possible null-pointer dereferences in the amdgpu driver in Linux 5.14.0-rc3: In dce_v10_0.c: The variable encoder->crtc is checked in: 1591: if (encoder->crtc) This indicates that encoder->crtc can be NULL. Then the function dce_v10_0_audio_set_dto() is called with the argument encoder: 1600: ce_v10_0_audio_set_dto(encoder, mode->clock); However, encoder->crtc is dereferenced in this function: 1545: struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(encoder->crtc); 1559: tmp = REG_SET_FIELD(tmp, DCCG_AUDIO_DTO_SOURCE, DCCG_AUDIO_DTO0_SOURCE_SEL, amdgpu_crtc->crtc_id); In dce_v11_0.c and dce_v8_0.c, situations are the same. I am not quite sure whether these possible null-pointer dereferences are real and how to fix them if they are real. Any feedback would be appreciated, thanks! Reported-by: TOTE Robot <oslab@...nghua.edu.cn> Best wishes, Tuo Li
Powered by blists - more mailing lists