releases/5.9.2/video-fbdev-sis-fix-null-ptr-dereference.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 40f0e848133d6a6a76b67dbd2335ce974ad7d620 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Wed, 5 Aug 2020 07:52:08 -0700
 Subject: video: fbdev: sis: fix null ptr dereference

 From: Tom Rix <trix@redhat.com>

 [ Upstream commit ad6f93e9cd56f0b10e9b22e3e137d17a1a035242 ]

 Clang static analysis reports this representative error

 init.c:2501:18: warning: Array access (from variable 'queuedata') results
   in a null pointer dereference
       templ |= ((queuedata[i] & 0xc0) << 3);

 This is the problem block of code

    if(ModeNo > 0x13) {
       ...
       if(SiS_Pr->ChipType == SIS_730) {
 	 queuedata = &FQBQData730[0];
       } else {
 	 queuedata = &FQBQData[0];
       }
    } else {

    }

 queuedata is not set in the else block

 Reviewing the old code, the arrays FQBQData730 and FQBQData were
 used directly.

 So hoist the setting of queuedata out of the if-else block.

 Fixes: 544393fe584d ("[PATCH] sisfb update")
 Signed-off-by: Tom Rix <trix@redhat.com>
 Cc: Thomas Winischhofer <thomas@winischhofer.net>
 Cc: Andrew Morton <akpm@osdl.org>
 Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
 Link: https://patchwork.freedesktop.org/patch/msgid/20200805145208.17727-1-trix@redhat.com
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  drivers/video/fbdev/sis/init.c | 11 +++++------
  1 file changed, 5 insertions(+), 6 deletions(-)

 diff --git a/drivers/video/fbdev/sis/init.c b/drivers/video/fbdev/sis/init.c
 index dfe3eb769638b..fde27feae5d0c 100644
 --- a/drivers/video/fbdev/sis/init.c
 +++ b/drivers/video/fbdev/sis/init.c
 @@ -2428,6 +2428,11 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,

     i = 0;

 +	if (SiS_Pr->ChipType == SIS_730)
 +		queuedata = &FQBQData730[0];
 +	else
 +		queuedata = &FQBQData[0];
 +
     if(ModeNo > 0x13) {

        /* Get VCLK  */
 @@ -2445,12 +2450,6 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,
        /* Get half colordepth */
        colorth = colortharray[(SiS_Pr->SiS_ModeType - ModeEGA)];

 -      if(SiS_Pr->ChipType == SIS_730) {
 -	 queuedata = &FQBQData730[0];
 -      } else {
 -	 queuedata = &FQBQData[0];
 -      }
 -
        do {
  	 templ = SiS_CalcDelay2(SiS_Pr, queuedata[i]) * VCLK * colorth;

 --
 2.25.1
	From 40f0e848133d6a6a76b67dbd2335ce974ad7d620 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Wed, 5 Aug 2020 07:52:08 -0700
	Subject: video: fbdev: sis: fix null ptr dereference

	From: Tom Rix <trix@redhat.com>

	[ Upstream commit ad6f93e9cd56f0b10e9b22e3e137d17a1a035242 ]

	Clang static analysis reports this representative error

	init.c:2501:18: warning: Array access (from variable 'queuedata') results
	in a null pointer dereference
	templ \|= ((queuedata[i] & 0xc0) << 3);

	This is the problem block of code

	if(ModeNo > 0x13) {
	...
	if(SiS_Pr->ChipType == SIS_730) {
	queuedata = &FQBQData730[0];
	} else {
	queuedata = &FQBQData[0];
	}
	} else {

	}

	queuedata is not set in the else block

	Reviewing the old code, the arrays FQBQData730 and FQBQData were
	used directly.

	So hoist the setting of queuedata out of the if-else block.

	Fixes: 544393fe584d ("[PATCH] sisfb update")
	Signed-off-by: Tom Rix <trix@redhat.com>
	Cc: Thomas Winischhofer <thomas@winischhofer.net>
	Cc: Andrew Morton <akpm@osdl.org>
	Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
	Link: https://patchwork.freedesktop.org/patch/msgid/20200805145208.17727-1-trix@redhat.com
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	drivers/video/fbdev/sis/init.c \| 11 +++++------
	1 file changed, 5 insertions(+), 6 deletions(-)

	diff --git a/drivers/video/fbdev/sis/init.c b/drivers/video/fbdev/sis/init.c
	index dfe3eb769638b..fde27feae5d0c 100644
	--- a/drivers/video/fbdev/sis/init.c
	+++ b/drivers/video/fbdev/sis/init.c
	@@ -2428,6 +2428,11 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,

	i = 0;

	+ if (SiS_Pr->ChipType == SIS_730)
	+ queuedata = &FQBQData730[0];
	+ else
	+ queuedata = &FQBQData[0];
	+
	if(ModeNo > 0x13) {

	/* Get VCLK */
	@@ -2445,12 +2450,6 @@ SiS_SetCRT1FIFO_630(struct SiS_Private *SiS_Pr, unsigned short ModeNo,
	/* Get half colordepth */
	colorth = colortharray[(SiS_Pr->SiS_ModeType - ModeEGA)];

	- if(SiS_Pr->ChipType == SIS_730) {
	- queuedata = &FQBQData730[0];
	- } else {
	- queuedata = &FQBQData[0];
	- }
	-
	do {
	templ = SiS_CalcDelay2(SiS_Pr, queuedata[i]) * VCLK * colorth;

	--
	2.25.1