On 12/17/25 10:11, ÐаÑоÑопин ÐндÑей wrote:
From: Andrey Vatoropin <[email protected]>
If fbcon_open() fails when called from con2fb_acquire_newinfo() then
info->fbcon_par pointer remains NULL which is later dereferenced.
Add check for return value of the function con2fb_acquire_newinfo() to
avoid it.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
I was unsure if I should apply this patch since we don't have a real problem.
This is inside the fbcon_init() function, so if con2fb_acquire_newinfo()
ever would have returned NULL, the kernel would have crashed and someone
would have reported it (or will report in the future if it happens).
Nevertheless, for correctness, I was tempted to change the check to a
WARN_ON() or BUG_ON() instead, but again: it never happened, so why
add bloat to the kernel ?
In the end, I've now applied this patch to the linux-fbdev git tree
as-is, just to avoid other people send similar patches based on
verification tool reports...
Thanks!
Helge
Fixes: d1baa4ffa677 ("fbcon: set_con2fb_map fixes")
Cc: [email protected]
Signed-off-by: Andrey Vatoropin <[email protected]>
---
drivers/video/fbdev/core/fbcon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index e7e07eb2142e..7453377f3433 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -1047,7 +1047,8 @@ static void fbcon_init(struct vc_data *vc, bool init)
return;
if (!info->fbcon_par)
- con2fb_acquire_newinfo(vc, info, vc->vc_num);
+ if (con2fb_acquire_newinfo(vc, info, vc->vc_num))
+ return;
/* If we are not the first console on this
fb, copy the font from that console */
