[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1559530957-11103-1-git-send-email-92siuyang@gmail.com>
Date: Mon, 3 Jun 2019 11:02:37 +0800
From: Young Xiao <92siuyang@...il.com>
To: alexander.deucher@....com, christian.koenig@....com,
David1.Zhou@....com, airlied@...ux.ie, daniel@...ll.ch,
amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org
Cc: Young Xiao <92siuyang@...il.com>
Subject: [PATCH] drm/radeon: avoid a possible arrary overflow
When looking up the connector type make sure the index
is valid. Avoids a later crash if we read past the end
of the array.
This bug is similar to the issue which was fixed in
commit e1718d97aa88 ("drm/amdgpu: avoid a possible
array overflow").
Signed-off-by: Young Xiao <92siuyang@...il.com>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index f422a8d..971c541 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -632,6 +632,10 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev)
connector_object_id = con_obj_id;
}
} else {
+ if (con_obj_id >= ARRAY_SIZE(object_connector_convert)) {
+ DRM_ERROR("invalid con_obj_id %d\n", con_obj_id);
+ continue;
+ }
igp_lane_info = 0;
connector_type =
object_connector_convert[con_obj_id];
--
2.7.4
Powered by blists - more mailing lists