From e8cbb8822b55cd0197c0ae90375e460baf738297 Mon Sep 17 00:00:00 2001
From: Samantha Tran <samtran@codeaurora.org>
Date: Tue, 2 Mar 2021 12:51:31 -0800
Subject: [PATCH] disp: msm: add check for null pointer dereferencing

Add check for null pointers before accessing.

Change-Id: I33deb1e931098c246326a01e743a2db760320471
Signed-off-by: Samantha Tran <samtran@codeaurora.org>
---
 msm/dp/dp_debug.c     |  5 ++++-
 msm/dsi/dsi_display.c | 11 +++++++++++
 msm/sde/sde_crtc.c    |  6 +++---
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/msm/dp/dp_debug.c b/msm/dp/dp_debug.c
index 44134ee315..22842351b7 100644
--- a/msm/dp/dp_debug.c
+++ b/msm/dp/dp_debug.c
@@ -633,13 +633,16 @@ static ssize_t dp_debug_mmrm_clk_cb_write(struct file *file,
 	size_t len = 0;
 	struct dss_clk_mmrm_cb mmrm_cb_data;
 	struct mmrm_client_notifier_data notifier_data;
-	struct dp_display *dp_display = debug->display;
+	struct dp_display *dp_display;
 	int cb_type;
 
 	if (!debug)
 		return -ENODEV;
 	if (*ppos)
 		return 0;
+
+	dp_display = debug->display;
+
 	len = min_t(size_t, count, SZ_8 - 1);
 	if (copy_from_user(buf, user_buff, len))
 		return 0;
diff --git a/msm/dsi/dsi_display.c b/msm/dsi/dsi_display.c
index 3fa92cb9ef..040a6de7d0 100644
--- a/msm/dsi/dsi_display.c
+++ b/msm/dsi/dsi_display.c
@@ -6321,6 +6321,9 @@ int dsi_display_drm_ext_bridge_init(struct dsi_display *display,
 	if (display->panel && !display->panel->host_config.ext_bridge_mode)
 		return 0;
 
+	if (!bridge)
+		return -EINVAL;
+
 	for (i = 0; i < display->ext_bridge_cnt; i++) {
 		struct dsi_display_ext_bridge *ext_bridge_info =
 				&display->ext_bridge[i];
@@ -6371,6 +6374,14 @@ int dsi_display_drm_ext_bridge_init(struct dsi_display *display,
 		ext_conn = list_last_entry(&drm->mode_config.connector_list,
 			struct drm_connector, head);
 
+		if (!ext_conn) {
+			DSI_ERR("failed to get external connector\n");
+			rc = PTR_ERR(ext_conn);
+
+			spin_unlock_irq(&drm->mode_config.connector_list_lock);
+			goto error;
+		}
+
 		drm_connector_for_each_possible_encoder(ext_conn, c_encoder)
 			break;
 
diff --git a/msm/sde/sde_crtc.c b/msm/sde/sde_crtc.c
index 64ef082e7f..efcf0b8bf0 100644
--- a/msm/sde/sde_crtc.c
+++ b/msm/sde/sde_crtc.c
@@ -502,7 +502,7 @@ static bool sde_crtc_mode_fixup(struct drm_crtc *crtc,
 	struct drm_connector *connector;
 	struct drm_encoder *encoder;
 	struct drm_connector_state *new_conn_state;
-	struct sde_connector_state *c_conn_state;
+	struct sde_connector_state *c_conn_state = NULL;
 	bool encoder_valid = false;
 	int i;
 
@@ -526,12 +526,12 @@ static bool sde_crtc_mode_fixup(struct drm_crtc *crtc,
 
 	for_each_new_connector_in_state(c_state->state, connector,
 			new_conn_state, i) {
-		if (new_conn_state->best_encoder == encoder){
+		if (new_conn_state->best_encoder == encoder) {
+			c_conn_state = to_sde_connector_state(new_conn_state);
 			break;
 		}
 	}
 
-	c_conn_state = to_sde_connector_state(new_conn_state);
 	if (!c_conn_state) {
 		SDE_ERROR("could not get connector state\n");
 		return true;