| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160920151612.22249-1-colin.king@canonical.com>
Date: Tue, 20 Sep 2016 16:16:12 +0100
From: Colin King <colin.king@...onical.com>
To: Alex Deucher <alexander.deucher@....com>,
Christian König <christian.koenig@....com>,
David Airlie <airlied@...ux.ie>,
Ken Wang <Qingqing.Wang@....com>,
dri-devel@...ts.freedesktop.org
Cc: linux-kernel@...r.kernel.org
Subject: [PATCH] drm/amdgpu: avoid out of bounds access on array interrupt_status_offsets
From: Colin Ian King <colin.king@...onical.com>
The check for an out of bound index into array interrupt_status_offsets
is off-by-one. Fix this and also don't compared to a hard coded array
size but use ARRAY_SIZE instead.
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
index d3512f3..4ce4c1a 100644
--- a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
@@ -2782,7 +2782,7 @@ static int dce_v6_0_hpd_irq(struct amdgpu_device *adev,
uint32_t disp_int, mask, int_control, tmp;
unsigned hpd;
- if (entry->src_data > 6) {
+ if (entry->src_data >= ARRAY_SIZE(interrupt_status_offsets)) {
DRM_DEBUG("Unhandled interrupt: %d %d\n", entry->src_id, entry->src_data);
return 0;
}
--
2.9.3
Powered by blists - more mailing lists