From: Ma Ke make24@iscas.ac.cn
stable inclusion from stable-v4.19.317 commit 9289cd3450d1da3e271ef4b054d4d2932c41243e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGENV CVE: CVE-2024-41095
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 66edf3fb331b6c55439b10f9862987b0916b3726 upstream.
In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
Cc: stable@vger.kernel.org Signed-off-by: Ma Ke make24@iscas.ac.cn Signed-off-by: Lyude Paul lyude@redhat.com Link: https://patchwork.freedesktop.org/patch/msgid/20240625081828.2620794-1-make2... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Yuan Can yuancan@huawei.com --- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c index 8fd8124d72ba..a01613ad1608 100644 --- a/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c +++ b/drivers/gpu/drm/nouveau/dispnv04/tvnv17.c @@ -208,6 +208,8 @@ static int nv17_tv_get_ld_modes(struct drm_encoder *encoder, struct drm_display_mode *mode;
mode = drm_mode_duplicate(encoder->dev, tv_mode); + if (!mode) + continue;
mode->clock = tv_norm->tv_enc_mode.vrefresh * mode->htotal / 1000 *