Diffstat (limited to 'queue-6.12/drm-tegra-fix-a-possible-null-pointer-dereference.patch')
-rw-r--r-- | queue-6.12/drm-tegra-fix-a-possible-null-pointer-dereference.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/queue-6.12/drm-tegra-fix-a-possible-null-pointer-dereference.patch b/queue-6.12/drm-tegra-fix-a-possible-null-pointer-dereference.patch
new file mode 100644
index 0000000000..1b49176f20
--- /dev/null
+++ b/queue-6.12/drm-tegra-fix-a-possible-null-pointer-dereference.patch
@@ -0,0 +1,37 @@
+From 780351a5f61416ed2ba1199cc57e4a076fca644d Mon Sep 17 00:00:00 2001
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+Date: Wed, 6 Nov 2024 17:59:06 +0800
+Subject: drm/tegra: Fix a possible null pointer dereference
+
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+
+commit 780351a5f61416ed2ba1199cc57e4a076fca644d upstream.
+
+In tegra_crtc_reset(), new memory is allocated with kzalloc(), but
+no check is performed. Before calling __drm_atomic_helper_crtc_reset,
+state should be checked to prevent possible null pointer dereference.
+
+Fixes: b7e0b04ae450 ("drm/tegra: Convert to using __drm_atomic_helper_crtc_reset() for reset.")
+Cc: stable@vger.kernel.org
+Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Link: https://lore.kernel.org/r/20241106095906.15247-1-chenqiuji666@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/tegra/dc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/tegra/dc.c
++++ b/drivers/gpu/drm/tegra/dc.c
+@@ -1392,7 +1392,10 @@ static void tegra_crtc_reset(struct drm_
+ if (crtc->state)
+ tegra_crtc_atomic_destroy_state(crtc, crtc->state);
+
+- __drm_atomic_helper_crtc_reset(crtc, &state->base);
++ if (state)
++ __drm_atomic_helper_crtc_reset(crtc, &state->base);
++ else
++ __drm_atomic_helper_crtc_reset(crtc, NULL);
+ }
+
+ static struct drm_crtc_state * |
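Review bot: The new `else` branch in tegra_crtc_reset() handles an allocation failure silently. By that point the previous state has already been destroyed by the `tegra_crtc_atomic_destroy_state()` call just above, and the function returns void, so the CRTC is presumably left with no state at all. Whether later users of `crtc->state` tolerate NULL cannot be seen from this hunk, so the branch should carry a comment such as `/* allocation failed: reset with no state, crtc->state is left NULL */` to make the degraded path explicit for anyone auditing the callers. As a matter of style the duplicated call could be collapsed into `__drm_atomic_helper_crtc_reset(crtc, state ? &state->base : NULL);`. The function's opening lines, including the kzalloc() the commit message refers to, lie outside the hunk.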