drm/msm: mdp4: Fix drm_framebuffer dereference crash

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

mdp4_get_frame_format() can dereference a drm_framebuffer when it's NULL.
Call it in mdp4_plane_mode_set only when we know fb is non-NULL.

Signed-off-by: Archit Taneja <architt@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>

authored by

Archit Taneja and committed by

Rob Clark 10 years ago a1c3e3e0 ac451467

+3 -1

1 changed file

expand all

drivers

gpu

drm

msm

mdp

mdp4

mdp4_plane.c

+3 -1

drivers/gpu/drm/msm/mdp/mdp4/mdp4_plane.c

··· 220 220 uint32_t op_mode = 0; 221 221 uint32_t phasex_step = MDP4_VG_PHASE_STEP_DEFAULT; 222 222 uint32_t phasey_step = MDP4_VG_PHASE_STEP_DEFAULT; 223 - enum mdp4_frame_format frame_type = mdp4_get_frame_format(fb); 223 + enum mdp4_frame_format frame_type; 224 224 225 225 if (!(crtc && fb)) { 226 226 DBG("%s: disabled!", mdp4_plane->name); 227 227 return 0; 228 228 } 229 + 230 + frame_type = mdp4_get_frame_format(fb); 229 231 230 232 /* src values are in Q16 fixed point, convert to integer: */ 231 233 src_x = src_x >> 16;