lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5609ce98-9bbb-29f4-0c4c-a4d3654152f7@ispras.ru>
Date: Fri, 5 Jan 2024 21:33:07 +0700
From: Alexey Khoroshilov <khoroshilov@...ras.ru>
To: Andrey Shumilin <shum.sdl@...ct.ru>, Karol Herbst <kherbst@...hat.com>
Cc: Lyude Paul <lyude@...hat.com>, Danilo Krummrich <dakr@...hat.com>,
 David Airlie <airlied@...il.com>, Daniel Vetter <daniel@...ll.ch>,
 Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>,
 Noralf Trønnes <noralf@...nnes.org>,
 Jani Nikula <jani.nikula@...el.com>, dri-devel@...ts.freedesktop.org,
 nouveau@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
 "lvc-project@...uxtesting.org" <lvc-project@...uxtesting.org>
Subject: Re: [PATCH] tvnv17.c: Adding a NULL pointer check.

> Subject: tvnv17.c: Adding a NULL pointer check.

As

$ git log --oneline drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
874ee2d67fc9 drm/nouveau: Remove unnecessary include statements for
drm_crtc_helper.h
80ed86d4b6d7 drm/connector: Rename drm_mode_create_tv_properties
1fd4a5a36f9f drm/connector: Rename legacy TV property
09838c4efe9a drm/nouveau/kms: Search for encoders' connectors properly
2574c809d7c0 drm/nouveau/kms/nv04-nv4x: Use match_string() helper to
simplify the code
...

shows, a better prefix should be
drm/nouveau:
and there should not be a dot at the end.

e.g.
drm/nouveau: Avoid NPE in nv17_tv_get_XX_modes()

On 16.11.2023 09:51, Andrey Shumilin wrote:
> It is possible to dereference a null pointer if drm_mode_duplicate() returns NULL.

I would suggest to add a little bit more details:

drm_mode_duplicate() may return NULL in case of error, e.g. if memory
allocation fails. It leads to NULL pointer dereference in
nv17_tv_get_ld_modes() and nv17_tv_get_hd_modes(), since they do not
check if drm_mode_duplicate() succeeds.

Otherwise, looks good.

Reviewed-by: Alexey Khoroshilov <khoroshilov@...ras.ru>


> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Signed-off-by: Andrey Shumilin <shum.sdl@...ct.ru>
> ---
>  drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> index 670c9739e5e1..1f0c5f4a5fd2 100644
> --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c
> @@ -209,7 +209,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder,
>  		struct drm_display_mode *mode;
>  
>  		mode = drm_mode_duplicate(encoder->dev, tv_mode);
> -
> +		if (mode == NULL)
> +			continue;
>  		mode->clock = tv_norm->tv_enc_mode.vrefresh *
>  			mode->htotal / 1000 *
>  			mode->vtotal / 1000;
> @@ -258,6 +259,8 @@ static int nv17_tv_get_hd_modes(struct drm_encoder *encoder,
>  		if (modes[i].hdisplay == output_mode->hdisplay &&
>  		    modes[i].vdisplay == output_mode->vdisplay) {
>  			mode = drm_mode_duplicate(encoder->dev, output_mode);
> +			if (mode == NULL)
> +				continue;
>  			mode->type |= DRM_MODE_TYPE_PREFERRED;
>  
>  		} else {
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ