drm/client: fix null pointer dereference in drm_client_modeset_probe

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is
assigned to modeset->mode, which will lead to a possible NULL pointer
dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Cc: stable@vger.kernel.org
Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20240802044736.1570345-1-make24@iscas.ac.cn

authored by

Ma Ke and committed by

Thomas Zimmermann 2 years ago 113fd637 9c685f61

1 changed file

expand all

drivers

gpu

drm

drm_client_modeset.c

drivers/gpu/drm/drm_client_modeset.c

··· 880 880 881 881 kfree(modeset->mode); 882 882 modeset->mode = drm_mode_duplicate(dev, mode); 883 + if (!modeset->mode) { 884 + ret = -ENOMEM; 885 + break; 886 + } 887 + 883 888 drm_connector_get(connector); 884 889 modeset->connectors[modeset->num_connectors++] = connector; 885 890 modeset->x = offset->x;