drm/mipi-dsi: Avoid potential NULL pointer dereference

The mipi_dsi_packet_create() function dereferences the msg pointer
before checking that it's valid. Move the dereference down to where it
is required to avoid potentially dereferencing a NULL pointer.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>

diff --git a/drivers/gpu/drm/drm_mipi_dsi.c b/drivers/gpu/drm/drm_mipi_dsi.c
index c0644bb865f257f9321f30870bd814bc804b2326..2d5ca8eec13a9611668a90756a756f6f40a0506b 100644 (file)
--- a/drivers/gpu/drm/drm_mipi_dsi.c
+++ b/drivers/gpu/drm/drm_mipi_dsi.c
@@ -323,8 +323,6 @@ EXPORT_SYMBOL(mipi_dsi_packet_format_is_long);
 int mipi_dsi_create_packet(struct mipi_dsi_packet *packet,
                           const struct mipi_dsi_msg *msg)
 {
-       const u8 *tx = msg->tx_buf;
-
        if (!packet || !msg)
                return -EINVAL;
 
@@ -353,8 +351,10 @@ int mipi_dsi_create_packet(struct mipi_dsi_packet *packet,
                packet->header[2] = (msg->tx_len >> 8) & 0xff;
 
                packet->payload_length = msg->tx_len;
-               packet->payload = tx;
+               packet->payload = msg->tx_buf;
        } else {
+               const u8 *tx = msg->tx_buf;
+
                packet->header[1] = (msg->tx_len > 0) ? tx[0] : 0;
                packet->header[2] = (msg->tx_len > 1) ? tx[1] : 0;
        }