mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hw/display/omap_lcdc: Fix potential NULL pointer dereference

Browse Source 
In omap_lcd_interrupts(), the pointer omap_lcd is dereferinced before
being check if it is valid, which may lead to NULL pointer dereference.
So move the assignment to surface after checking that the omap_lcd is valid
and move surface_bits_per_pixel(surface) to after the surface assignment.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Message-id: 5F9CDB8A.9000001@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
AlexChen 2020-11-02 16:52:17 +00:00 committed by Peter Maydell
parent 3f0b59070c
commit 0080edc45e
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hw/display/omap_lcdc.c
View File

@ -78,14 +78,18 @@ static void omap_lcd_interrupts(struct omap_lcd_panel_s *s)
static void omap_update_display(void *opaque) static void omap_update_display(void *opaque)
{ {
struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque; struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque;
DisplaySurface *surface = qemu_console_surface(omap_lcd->con); DisplaySurface *surface;
draw_line_func draw_line; draw_line_func draw_line;
int size, height, first, last; int size, height, first, last;
int width, linesize, step, bpp, frame_offset; int width, linesize, step, bpp, frame_offset;
hwaddr frame_base; hwaddr frame_base;
if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable || if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable) {
!surface_bits_per_pixel(surface)) { return;
}
surface = qemu_console_surface(omap_lcd->con);
if (!surface_bits_per_pixel(surface)) {
return; return;
} }