From 759bb7ac98eaa830fb94af59c3d743adbf465cc7 Mon Sep 17 00:00:00 2001
From: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Date: Tue, 12 May 2015 11:06:35 +0100
Subject: [PATCH] igt_kms: Avoid NULL ptr deref when commiting disabled planes

I think;

   commit a26f9f9ad0e679c7ce413a25d34f6914e1174151
   Author: chandra konduru <chandra.konduru@intel.com>
   Date:   Mon Mar 30 13:52:04 2015 -0700

       i-g-t: Adding plane scaling test case

introduced a condition where it attempts to update a disabled plane because
of the newly introduced size_changed flag which is set for disabled frame
buffers. Result is a NULL ptr deref in igt_drm_plane_commit (plane->fb->src_x).

Start recognising this case as disabled plane and act accordingly.

v2: Split out igt_plane_set_fb cleanup. (Thomas Wood)

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: chandra konduru <chandra.konduru@intel.com>
Cc: Thomas Wood <thomas.wood@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---
 lib/igt_kms.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/igt_kms.c b/lib/igt_kms.c
index b7d1e904..33d437dc 100644
--- a/lib/igt_kms.c
+++ b/lib/igt_kms.c
@@ -1331,7 +1331,7 @@ static int igt_drm_plane_commit(igt_plane_t *plane,
 	fb_id = igt_plane_get_fb_id(plane);
 	crtc_id = output->config.crtc->crtc_id;
 
-	if (plane->fb_changed && fb_id == 0) {
+	if ((plane->fb_changed || plane->size_changed) && fb_id == 0) {
 		LOG(display,
 		    "%s: SetPlane pipe %s, plane %d, disabling\n",
 		    igt_output_name(output),