Bug 38196 - Null pointer dereference in nouveau_gpuobj_channel_takedown
Summary: Null pointer dereference in nouveau_gpuobj_channel_takedown
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/nouveau (show other bugs)
Version: git
Hardware: x86-64 (AMD64) Linux (All)
: medium critical
Assignee: Nouveau Project
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-11 18:11 UTC by Bob Gleitsmann
Modified: 2011-06-18 06:22 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Bob Gleitsmann 2011-06-11 18:11:41 UTC 
The code for this procedure includes (line 878) assignment to a pointer of type struct nv50_display_crtc. However nv50_display(dev) is null for earlier cards (e.g., nv40). This causes a kernel oops if for example a program using mesa is terminated.
I tried skipping the loop containing this line if nv50_display(dev) is null and this worked on my 6800 Ultra. 

Best Wishes,

Bob Gleitsmann
Comment 1 Bob Gleitsmann 2011-06-11 19:23:56 UTC 
OK I don't know what product and component are to be used for bugs in kernel drm. It isn't mesa, but should to to the dri-devel mailing list. Or whatever you think.

Bob
Comment 2 Pekka Paalanen 2011-06-12 01:17:03 UTC 
Since this bug apparently refers to nouveau_object.c in the kernel DRM, change the product/component to as per http://nouveau.freedesktop.org/wiki/Bugs .
Comment 3 Emil Velikov 2011-06-18 06:22:14 UTC 
Thanks for reporting this Bob

The issue should be resolved by 23a3a221(drm/nouveau: fix null pointer deref on pre-nv50 chipsets) in nouveau-git [1]


[1] http://cgit.freedesktop.org/nouveau/linux-2.6/

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.