Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues: - [High] Unchecked kasprintf return value may lead to a NULL pointer dereference when setting up the color pipeline property. -- commit e64dca02dc85f9d02e8990c56f98c1559490b722 Author: John Harrison <[email protected]> drm/vkms/colorop: Update to new pipeline API Switch to using the new method for building colorop pipelines. > diff --git a/drivers/gpu/drm/vkms/vkms_colorop.c > b/drivers/gpu/drm/vkms/vkms_colorop.c > index 071f3a8d2e7c4..ecb4fd56eb8cc 100644 > --- a/drivers/gpu/drm/vkms/vkms_colorop.c > +++ b/drivers/gpu/drm/vkms/vkms_colorop.c [ ... ] > @@ -93,7 +95,7 @@ static int vkms_initialize_color_pipeline(struct drm_plane > *plane, struct drm_pr > if (ret) > goto cleanup; > > - drm_colorop_set_next_property(ops[i - 1], ops[i]); > + drm_colorop_add_to_pipeline(ops[0], ops[i]); > > list->name = kasprintf(GFP_KERNEL, "Color Pipeline %d", > ops[0]->base.id); > [Severity: High] This is a pre-existing issue, but does this kasprintf() need a NULL check? If kasprintf() fails to allocate memory, it returns NULL. Since vkms_initialize_color_pipeline() then unconditionally returns 0 (success), the caller vkms_initialize_colorops() will pass this NULL string down to drm_plane_create_color_pipeline_property(). This is ultimately passed to drm_property_add_enum(), where calling strlen() on the NULL name will cause a NULL pointer dereference. Should this allocation be checked and routed to the cleanup path on failure? -- Sashiko AI review ยท https://sashiko.dev/#/patchset/[email protected]?part=5
