[Letux-kernel] [RFC 21/28] drm/client: handle potential NULL pointer dereference

[H. Nikolaus Schaller]

If the format is unsupported, drm_format_info() will return NULL.
This will be dereferenced to initialize dumb_args.bpp.

How can this happen?

If surface_bpp and surface_depth do not match legacy rules in
drm_format_info() it will return NULL and drm_mode_legacy_fb_format()
returns DRM_FORMAT_INVALID to drm_fb_helper_generic_probe().

Signed-off-by: H. Nikolaus Schaller <hns at goldelico.com>
---
 drivers/gpu/drm/drm_client.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/drm_client.c b/drivers/gpu/drm/drm_client.c
index ce45e380f4a20..700328077f49b 100644
--- a/drivers/gpu/drm/drm_client.c
+++ b/drivers/gpu/drm/drm_client.c
@@ -256,6 +256,11 @@ drm_client_buffer_create(struct drm_client_dev *client, u32 width, u32 height, u
 	struct drm_gem_object *obj;
 	int ret;
 
+	if (!info) {
+		drm_dbg_kms(dev, "unsupported format 0x%08x\n", format);
+		return ERR_PTR(-EINVAL);
+	}
+
 	buffer = kzalloc(sizeof(*buffer), GFP_KERNEL);
 	if (!buffer)
 		return ERR_PTR(-ENOMEM);
-- 
2.26.2