evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/gpu/drm/vmwgfx
History
Murray McAllister 8f6b0e59d2 drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() 
commit bcd6aa7b6cbfd6f985f606c6f76046d782905820 upstream.

If SVGA_3D_CMD_DX_DEFINE_RENDERTARGET_VIEW is called with a surface
ID of SVGA3D_INVALID_ID, the srf struct will remain NULL after
vmw_cmd_res_check(), leading to a null pointer dereference in
vmw_view_add().

Cc: <stable@vger.kernel.org>
Fixes: d80efd5cb3 ("drm/vmwgfx: Initial DX support")
Signed-off-by: Murray McAllister <murray.mcallister@gmail.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-22 08:18:24 +02:00
..
device_include
Kconfig
Makefile
vmwgfx_binding.c
vmwgfx_binding.h
vmwgfx_buffer.c
vmwgfx_cmdbuf.c
vmwgfx_cmdbuf_res.c
vmwgfx_context.c
vmwgfx_cotable.c
vmwgfx_dmabuf.c
vmwgfx_drv.c drm/vmwgfx: Fix setting of dma masks 2019-02-20 10:13:19 +01:00
vmwgfx_drv.h
vmwgfx_execbuf.c drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() 2019-06-22 08:18:24 +02:00
vmwgfx_fb.c drm/vmwgfx: Don't double-free the mode stored in par->set_mode 2019-04-03 06:23:14 +02:00
vmwgfx_fence.c
vmwgfx_fence.h
vmwgfx_fifo.c
vmwgfx_gmr.c
vmwgfx_gmrid_manager.c
vmwgfx_ioctl.c
vmwgfx_irq.c
vmwgfx_kms.c
vmwgfx_kms.h
vmwgfx_ldu.c
vmwgfx_marker.c
vmwgfx_mob.c
vmwgfx_overlay.c
vmwgfx_prime.c
vmwgfx_reg.h
vmwgfx_resource.c
vmwgfx_resource_priv.h
vmwgfx_scrn.c
vmwgfx_shader.c
vmwgfx_so.c
vmwgfx_so.h
vmwgfx_stdu.c
vmwgfx_surface.c
vmwgfx_ttm_glue.c