Hello,
Our static analysis tool finds some possible null-pointer dereferences in the amdgpu driver in Linux 5.14.0-rc3:
In dce_v10_0.c:
The variable encoder->crtc is checked in:
    1591: if (encoder->crtc)

This indicates that encoder->crtc can be NULL. Then the function dce_v10_0_audio_set_dto() is called with the argument encoder:
    1600: dce_v10_0_audio_set_dto(encoder, mode->clock);

However, encoder->crtc is dereferenced in this function:
    1545: struct amdgpu_crtc *amdgpu_crtc = to_amdgpu_crtc(encoder->crtc);
    1559: tmp = REG_SET_FIELD(tmp, DCCG_AUDIO_DTO_SOURCE, DCCG_AUDIO_DTO0_SOURCE_SEL, amdgpu_crtc->crtc_id);

In dce_v11_0.c and dce_v8_0.c, the situations are the same.
I am not quite sure whether these possible null-pointer dereferences are real and how to fix them if they are real. Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot oslab@tsinghua.edu.cn
Best wishes, Tuo Li
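
The check-then-dereference pattern described in the report above, as an added example that is not part of the original message or the amdgpu source: a reduced C model in which the hypothetical audio_set_dto_checked() tests encoder->crtc before using it. The struct layouts, the container_of-style shape of to_amdgpu_crtc and the -1 return value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the driver types; not the kernel definitions. */
struct drm_crtc { int unused; };
struct amdgpu_crtc { struct drm_crtc base; int crtc_id; };
struct drm_encoder { struct drm_crtc *crtc; };

/* Assumed container_of-style shape: recover the outer struct from its member. */
#define to_amdgpu_crtc(x) \
    ((struct amdgpu_crtc *)((char *)(x) - offsetof(struct amdgpu_crtc, base)))

/* Hypothetical guarded callee: returns -1 when no CRTC is attached instead of
 * reading through a NULL-derived pointer, else the crtc_id it would program. */
static int audio_set_dto_checked(const struct drm_encoder *encoder)
{
    struct amdgpu_crtc *amdgpu_crtc;

    if (!encoder || !encoder->crtc)
        return -1;
    amdgpu_crtc = to_amdgpu_crtc(encoder->crtc);
    return amdgpu_crtc->crtc_id;
}

/* Caller shaped like the reported one: encoder->crtc is tested for one piece
 * of work, then the callee is invoked unconditionally. */
static int mode_set_model(const struct drm_encoder *encoder, int *crtc_work_done)
{
    *crtc_work_done = 0;
    if (encoder->crtc)
        *crtc_work_done = 1;   /* work that only applies with a CRTC attached */
    return audio_set_dto_checked(encoder);
}

int main(void)
{
    struct amdgpu_crtc crtc = { .crtc_id = 3 };   /* constructed sample value */
    struct drm_encoder attached = { .crtc = &crtc.base };
    struct drm_encoder detached = { .crtc = NULL };
    int done;

    printf("attached: %d\n", mode_set_model(&attached, &done));
    printf("detached: %d\n", mode_set_model(&detached, &done));
    return 0;
}
```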