drm/msm: mdp4: Fix drm_framebuffer dereference crash (507d71b1) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/gpu/drm/msm/mdp/mdp4/mdp4_plane.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -220,13 +220,15 @@ static int mdp4_plane_mode_set(struct drm_plane *plane,
		uint32_t op_mode = 0;
		uint32_t phasex_step = MDP4_VG_PHASE_STEP_DEFAULT;
		uint32_t phasey_step = MDP4_VG_PHASE_STEP_DEFAULT;
		enum mdp4_frame_format frame_type = mdp4_get_frame_format(fb);
		enum mdp4_frame_format frame_type;

		if (!(crtc && fb)) {
		DBG("%s: disabled!", mdp4_plane->name);
		return 0;
		}

		frame_type = mdp4_get_frame_format(fb);

		/* src values are in Q16 fixed point, convert to integer: */
		src_x = src_x >> 16;
		src_y = src_y >> 16;