From: Pauli Nieminen <suokkos@gmail.com>
Date: Fri, 19 Mar 2010 07:44:33 +0000 (+0000)
Subject: drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=fcbc451ba1948fba967198bd150ecbd10bbb7075;p=linux.git

drm/radeon/kms: Fix NULL pointer dereference if memory allocation failed.

When there is allocation failure in radeon_cs_parser_relocs parser->nrelocs
is not cleaned. This causes NULL pointer defeference in radeon_cs_parser_fini
when clean up code is trying to loop over the relocation array and free the
objects.

Fix adds a check for a possible NULL pointer in clean up code.

Signed-off-by: Pauli Nieminen <suokkos@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
---

diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c
index dd190f9315d31..f9b0fe002c0ab 100644
--- a/drivers/gpu/drm/radeon/radeon_cs.c
+++ b/drivers/gpu/drm/radeon/radeon_cs.c
@@ -193,9 +193,11 @@ static void radeon_cs_parser_fini(struct radeon_cs_parser *parser, int error)
 		radeon_bo_list_fence(&parser->validated, parser->ib->fence);
 	}
 	radeon_bo_list_unreserve(&parser->validated);
-	for (i = 0; i < parser->nrelocs; i++) {
-		if (parser->relocs[i].gobj)
-			drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+	if (parser->relocs != NULL) {
+		for (i = 0; i < parser->nrelocs; i++) {
+			if (parser->relocs[i].gobj)
+				drm_gem_object_unreference_unlocked(parser->relocs[i].gobj);
+		}
 	}
 	kfree(parser->track);
 	kfree(parser->relocs);