| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250723-gigantic-wrasse-of-warranty-dc70d7@houat>
Date: Wed, 23 Jul 2025 08:57:07 +0200
From: Maxime Ripard <mripard@...nel.org>
To: Chenyuan Yang <chenyuan0y@...il.com>
Cc: victor.liu@....com, andrzej.hajda@...el.com, neil.armstrong@...aro.org,
rfoss@...nel.org, laurent.pinchart@...asonboard.com, jonas@...boo.se,
jernej.skrabec@...il.com, maarten.lankhorst@...ux.intel.com, tzimmermann@...e.de,
airlied@...il.com, simona@...ll.ch, lumag@...nel.org, biju.das.jz@...renesas.com,
dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/bridge: Add null pointer check for ITE IT6263
On Tue, Jul 22, 2025 at 03:41:14PM -0500, Chenyuan Yang wrote:
> drm_atomic_get_new_connector_for_encoder and
> drm_atomic_get_new_connector_state could return Null.
They can, but not in that scenario. atomic_enable will never be called
if either would return NULL.
In which situation did you trigger this bug?
> Thus, add the null pointer check for them with a similar format with
> it6505_bridge_atomic_enable in ITE IT6505.
>
> Signed-off-by: Chenyuan Yang <chenyuan0y@...il.com>
> Fixes: 049723628716 ("drm/bridge: Add ITE IT6263 LVDS to HDMI converter")
> ---
> drivers/gpu/drm/bridge/ite-it6263.c | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/bridge/ite-it6263.c b/drivers/gpu/drm/bridge/ite-it6263.c
> index a3a63a977b0a..3a20b2088bf9 100644
> --- a/drivers/gpu/drm/bridge/ite-it6263.c
> +++ b/drivers/gpu/drm/bridge/ite-it6263.c
> @@ -590,15 +590,28 @@ static void it6263_bridge_atomic_enable(struct drm_bridge *bridge,
> struct drm_connector *connector;
> bool is_stable = false;
> struct drm_crtc *crtc;
> + struct drm_connector_state *conn_state;
> unsigned int val;
> bool pclk_high;
> int i, ret;
>
> connector = drm_atomic_get_new_connector_for_encoder(state,
> bridge->encoder);
> - crtc = drm_atomic_get_new_connector_state(state, connector)->crtc;
> + if (WARN_ON(!connector))
> + return;
> +
> + conn_state = drm_atomic_get_new_connector_state(state, connector);
> + if (WARN_ON(!conn_state))
> + return;
> +
> + crtc = conn_state->crtc;
> crtc_state = drm_atomic_get_new_crtc_state(state, crtc);
> + if (WARN_ON(!crtc_state))
> + return;
> +
> mode = &crtc_state->adjusted_mode;
> + if (WARN_ON(!mode))
> + return;
And that condition can never be true.
Maxime
Download attachment "signature.asc" of type "application/pgp-signature" (274 bytes)
Powered by blists - more mailing lists