| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 17:28:07 +0800
From: Tuo Li <islituo@...il.com>
To: alexander.deucher@....com, christian.koenig@....com,
Xinhui.Pan@....com, airlied@...ux.ie, daniel@...ll.ch,
evan.quan@....com, luben.tuikov@....com, tzimmermann@...e.de,
lee.jones@...aro.org, mh12gx2825@...il.com,
sakari.ailus@...ux.intel.com, zhangqilong3@...wei.com,
pmladek@...e.com
Cc: amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
Linux Kernel <linux-kernel@...r.kernel.org>,
"baijiaju1990@...il.com" <baijiaju1990@...il.com>
Subject: [BUG] drm/amdgpu: possible null-pointer dereference in
dce_vXX_0_afmt_setmode()
Hello,
Our static analysis tool finds some possible null-pointer dereferences
in the amdgpu driver in Linux 5.14.0-rc3:
In dce_v10_0.c:
The variable encoder->crtc is checked in:
1591: if (encoder->crtc)
This indicates that encoder->crtc can be NULL.
Then the function dce_v10_0_audio_set_dto() is called with the argument
encoder:
1600: ce_v10_0_audio_set_dto(encoder, mode->clock);
However, encoder->crtc is dereferenced in this function:
1545: struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(encoder->crtc);
1559: tmp = REG_SET_FIELD(tmp, DCCG_AUDIO_DTO_SOURCE,
DCCG_AUDIO_DTO0_SOURCE_SEL, amdgpu_crtc->crtc_id);
In dce_v11_0.c and dce_v8_0.c, situations are the same.
I am not quite sure whether these possible null-pointer dereferences are
real and how to fix them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists