If kmalloc() returned NULL we would end up dereferencing "state" a couple lines later.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
index 8df0aaf..867069b 100644
--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
@@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
return NULL;
state = kmalloc(sizeof(*state), GFP_KERNEL);
- if (state)
- __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
+ if (!state)
+ return NULL;
+ __drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
state->output_mode = cur->output_mode;
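Review bot: The allocation on the `state = kmalloc(sizeof(*state), GFP_KERNEL);` line is still unzeroed, and the visible lines then populate only `state->base` (through the helper) and `state->output_mode`. If the driver's CRTC state struct has, or later gains, any other member, the duplicated state would carry stale heap contents; the struct definition is outside the hunk, so this needs confirming against it. Switching to `state = kzalloc(sizeof(*state), GFP_KERNEL);` would make the duplicate deterministic at negligible cost. The body of atmel_hlcdc_crtc_duplicate_state starts and ends outside the hunk, so the final return and any earlier checks are not visible here.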
On Mon, 25 Apr 2016 12:04:54 +0300 Dan Carpenter dan.carpenter@oracle.com wrote:
If kmalloc() returned NULL we would end up dereferencing "state" a couple lines later.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
Acked-by: Boris Brezillon boris.brezillon@free-electrons.com
Thanks,
Boris
diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
index 8df0aaf..867069b 100644
--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
@@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
return NULL;
state = kmalloc(sizeof(*state), GFP_KERNEL);
- if (state)
__drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
if (!state)
return NULL;
__drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
state->output_mode = cur->output_mode;
On Mon, Apr 25, 2016 at 12:04:54PM +0300, Dan Carpenter wrote:
If kmalloc() returned NULL we would end up dereferencing "state" a couple lines later.
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
Reviewed-by: Eric Engestrom eric.engestrom@imgtec.com
Hi Daniel,
On Mon, 25 Apr 2016 12:04:54 +0300 Dan Carpenter dan.carpenter@oracle.com wrote:
If kmalloc() returned NULL we would end up dereferencing "state" a couple lines later.
Can you take this patch in drm-misc, or should I send a PR?
Regards,
Boris
Signed-off-by: Dan Carpenter dan.carpenter@oracle.com
diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
index 8df0aaf..867069b 100644
--- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
+++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
@@ -415,8 +415,9 @@ atmel_hlcdc_crtc_duplicate_state(struct drm_crtc *crtc)
return NULL;
state = kmalloc(sizeof(*state), GFP_KERNEL);
- if (state)
__drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
if (!state)
return NULL;
__drm_atomic_helper_crtc_duplicate_state(crtc, &state->base);
cur = drm_crtc_state_to_atmel_hlcdc_crtc_state(crtc->state);
state->output_mode = cur->output_mode;
dri-devel@lists.freedesktop.org