[PATCH] SiS DRM: Fix possible NULL dereference

This fixes a NULL pointer reference in DRM.  The SiS driver tries to
allocate a big chunk of memory, but the return value is never checked.

Reported in Novell bugzilla #132271:
  https://bugzilla.novell.com/show_bug.cgi?id=132271

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/drivers/char/drm/drm_context.c b/drivers/char/drm/drm_context.c
index bdd168d..bd958d6 100644 (file)
--- a/drivers/char/drm/drm_context.c
+++ b/drivers/char/drm/drm_context.c
@@ -432,7 +432,10 @@ int drm_addctx(struct inode *inode, struct file *filp,
 
        if (ctx.handle != DRM_KERNEL_CONTEXT) {
                if (dev->driver->context_ctor)
-                       dev->driver->context_ctor(dev, ctx.handle);
+                       if (!dev->driver->context_ctor(dev, ctx.handle)) {
+                               DRM_DEBUG( "Running out of ctxs or memory.\n");
+                               return -ENOMEM;
+                       }
        }
 
        ctx_entry = drm_alloc(sizeof(*ctx_entry), DRM_MEM_CTXLIST);