summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPauli Nieminen <suokkos@gmail.com>2010-03-19 07:44:33 +0000
committerDave Airlie <airlied@redhat.com>2010-03-31 13:11:53 +1000
commitfcbc451ba1948fba967198bd150ecbd10bbb7075 (patch)
tree71e75d0a64a492261df05c4ead7b29cfd209d715
parentf9274562026558ab54a29331cf13e9ebec8cc890 (diff)
downloadlwn-fcbc451ba1948fba967198bd150ecbd10bbb7075.tar.gz
lwn-fcbc451ba1948fba967198bd150ecbd10bbb7075.zip
drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.
When there is allocation failure in radeon_cs_parser_relocs parser->nrelocs is not cleaned. This causes NULL pointer defeference in radeon_cs_parser_fini when clean up code is trying to loop over the relocation array and free the objects. Fix adds a check for a possible NULL pointer in clean up code. Signed-off-by: Pauli Nieminen <suokkos@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-rw-r--r--drivers/gpu/drm/radeon/radeon_cs.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c
index dd190f9315d3..f9b0fe002c0a 100644
--- a/drivers/gpu/drm/radeon/radeon_cs.c
+++ b/drivers/gpu/drm/radeon/radeon_cs.c
@@ -193,9 +193,11 @@ static void radeon_cs_parser_fini(struct radeon_cs_parser *parser, int error)
radeon_bo_list_fence(&parser->validated, parser->ib->fence);
}
radeon_bo_list_unreserve(&parser->validated);
- for (i = 0; i < parser->nrelocs; i++) {
- if (parser->relocs[i].gobj)
- drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+ if (parser->relocs != NULL) {
+ for (i = 0; i < parser->nrelocs; i++) {
+ if (parser->relocs[i].gobj)
+ drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+ }
}
kfree(parser->track);
kfree(parser->relocs);