There is a NULL pointer dereference in mach64_dma_vertex() line 829 in file sys/dev/drm/mach64_state.c. The check against NULL in line 834 should happen before the dereference of dev_priv. Fix: Patch attached. Patch attached with submission follows: How-To-Repeat: N/A
State Changed From-To: open->patched Committed, thanks!
Responsible Changed From-To: freebsd-bugs->brueffer MFC reminder.
Author: brueffer Date: Wed Oct 21 15:54:45 2009 New Revision: 198332 URL: http://svn.freebsd.org/changeset/base/198332 Log: Check pointer for NULL before dereferencing it, not after. PR: 138383 Submitted by: Patroklos Argyroudis <argp@census-labs.com> Reviewed by: rnoland MFC after: 1 week Modified: head/sys/dev/drm/mach64_state.c Modified: head/sys/dev/drm/mach64_state.c ============================================================================== --- head/sys/dev/drm/mach64_state.c Wed Oct 21 15:27:48 2009 (r198331) +++ head/sys/dev/drm/mach64_state.c Wed Oct 21 15:54:45 2009 (r198332) @@ -826,7 +826,7 @@ int mach64_dma_vertex(struct drm_device struct drm_file *file_priv) { drm_mach64_private_t *dev_priv = dev->dev_private; - drm_mach64_sarea_t *sarea_priv = dev_priv->sarea_priv; + drm_mach64_sarea_t *sarea_priv; drm_mach64_vertex_t *vertex = data; LOCK_TEST_WITH_RETURN(dev, file_priv); @@ -835,6 +835,7 @@ int mach64_dma_vertex(struct drm_device DRM_ERROR("called with no initialization\n"); return -EINVAL; } + sarea_priv = dev_priv->sarea_priv; DRM_DEBUG("pid=%d buf=%p used=%lu discard=%d\n", DRM_CURRENTPID, _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: patched->closed MFCs done.