On 7/15/2025 5:44 AM, Krzysztof Kozlowski wrote:
On 04/07/2025 05:16, jackysliu wrote:
From: jackysliu <secur...@tencent.com>

A null pointer dereference vulnerability exists in the AMD display driver's
(DC module) cleanup function dc_destruct().
When display control context (dc->ctx) construction fails
(due to memory allocation failure), this pointer remains NULL.
During subsequent error handling when dc_destruct() is called,
there's no NULL check before dereferencing the perf_trace member
(dc->ctx->perf_trace),
causing a kernel null pointer dereference crash.

Signed-off-by: jackysliu <secur...@tencent.com>
---
  drivers/gpu/drm/amd/display/dc/core/dc.c | 20 ++++++++++++--------
  1 file changed, 12 insertions(+), 8 deletions(-)

You should disclose that you used some AI tool for that... and that
other report(s) were really fake findings.  People should know you
generated it with AI, so they could make an informed decision whether to
even allocate time here.

Best regards,
Krzysztof

Failure paths are so rarely executed that it sometimes takes years or static analyzers to find and fix issues.

In this case I think it's a real problem. During init the following sequence happens:

dc_create()
->dc_construct_ctx()

If dc_construct_ctx() fails then it jumps to a label that calls dc_destruct(). So if the context wasn't set up then yeah there could be a NULL pointer deref.

So to me this makes sense.

Reviewed-by: Mario Limonciello <mario.limoncie...@amd.com>

Harry, do you agree?
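A constructed C model of the failure path Mario describes, added here and not code from the thread or from the amdgpu driver: dc_create() fails inside dc_construct_ctx(), jumps to its error label, and dc_destruct() runs with dc->ctx still NULL, so the cleanup must check dc->ctx before touching perf_trace. The struct layouts, the `fail` hook and the calloc/free calls are assumptions standing in for the kernel's own.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of the dc -> ctx -> perf_trace chain named in the commit
 * message; the real struct dc has many more members and uses kzalloc/kfree. */
struct perf_trace { int unused; };
struct dc_context { struct perf_trace *perf_trace; };
struct dc { struct dc_context *ctx; };

/* 'fail' is a test hook (assumption, not in the driver) that stands in for
 * the memory-allocation failure the report describes. */
static bool dc_construct_ctx(struct dc *dc, bool fail)
{
	if (fail)
		return false;			/* dc->ctx is left NULL */
	dc->ctx = calloc(1, sizeof(*dc->ctx));
	if (!dc->ctx)
		return false;
	dc->ctx->perf_trace = calloc(1, sizeof(*dc->ctx->perf_trace));
	return dc->ctx->perf_trace != NULL;
}

/* Cleanup that tolerates a partially constructed dc. The unguarded form,
 * free(dc->ctx->perf_trace), dereferences a NULL dc->ctx on the failure path. */
static void dc_destruct(struct dc *dc)
{
	if (dc->ctx) {
		free(dc->ctx->perf_trace);
		free(dc->ctx);
		dc->ctx = NULL;
	}
}

/* Mirrors the dc_create() -> dc_construct_ctx() -> error label -> dc_destruct()
 * sequence from the thread; returns NULL if construction failed. */
struct dc *dc_create(bool fail_ctx)
{
	struct dc *dc = calloc(1, sizeof(*dc));
	if (!dc)
		return NULL;
	if (!dc_construct_ctx(dc, fail_ctx))
		goto fail;
	return dc;
fail:
	dc_destruct(dc);		/* reached with dc->ctx == NULL */
	free(dc);
	return NULL;
}
```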
