drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.

When there is allocation failure in radeon_cs_parser_relocs parser->nrelocs is not cleaned. This causes NULL pointer defeference in radeon_cs_parser_fini when clean up code is trying to loop over the relocation array and free the objects. Fix adds a check for a possible NULL pointer in clean up code. Signed-off-by: Pauli Nieminen <suokkos@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>

drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.
When there is allocation failure in radeon_cs_parser_relocs parser->nrelocs is not cleaned. This causes NULL pointer defeference in radeon_cs_parser_fini when clean up code is trying to loop over the relocation array and free the objects. Fix adds a check for a possible NULL pointer in clean up code. Signed-off-by: Pauli Nieminen <suokkos@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
fcbc451b · Pauli Nieminen · Dave Airlie · f9274562 · fcbc451b
Commit fcbc451b authored Mar 19, 2010 by Pauli Nieminen Committed by Dave Airlie Mar 31, 2010
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 3 deletions

drivers/gpu/drm/radeon/radeon_cs.c drivers/gpu/drm/radeon/radeon_cs.c +5 -3

No files found.
--- a/drivers/gpu/drm/radeon/radeon_cs.c
+++ b/drivers/gpu/drm/radeon/radeon_cs.c
@@ -193,10 +193,12 @@ static void radeon_cs_parser_fini(struct radeon_cs_parser *parser, int error)
 		radeon_bo_list_fence(&parser->validated, parser->ib->fence);
 	}
 	radeon_bo_list_unreserve(&parser->validated);
+	if (parser->relocs != NULL) {
 		for (i = 0; i < parser->nrelocs; i++) {
 			if (parser->relocs[i].gobj)
 				drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
 		}
+	}
 	kfree(parser->track);
 	kfree(parser->relocs);
 	kfree(parser->relocs_ptr);