[PATCH 3/3] drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c: remove invalid reference to list iterator variable
From: Julia Lawall
Date: Sun Jul 08 2012 - 17:14:36 EST
From: Julia Lawall <Julia.Lawall@xxxxxxx>
If list_for_each_entry, etc complete a traversal of the list, the iterator
variable ends up pointing to an address at an offset from the list head,
and not a meaningful structure. Thus this value should not be used after
the end of the iterator.
After the iteractor, entry->base.crtc.fb is not a meaningful value. What
seems to be intended is crtc->fb, which gets the information from the last
element of the list.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier c;
expression E;
iterator name list_for_each_entry;
statement S;
@@
list_for_each_entry(c,...) { ... when != break;
when forall
when strict
}
...
(
c = E
|
*c
)
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxx>
Acked-by: Paul Menzel <paulepanter@xxxxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
index 070fb23..634611a 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
@@ -93,7 +93,7 @@ static int vmw_ldu_commit_list(struct vmw_private *dev_priv)
if (crtc == NULL)
return 0;
- fb = entry->base.crtc.fb;
+ fb = crtc->fb;
return vmw_kms_write_svga(dev_priv, w, h, fb->pitches[0],
fb->bits_per_pixel, fb->depth);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/