lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CADnq5_PAefQhvb=Yh9=uzrhnHtV9-5Lo01ervN32cSqGGDS9_g@mail.gmail.com>
Date:   Thu, 22 Oct 2020 01:02:38 -0400
From:   Alex Deucher <alexdeucher@...il.com>
To:     estherbdf <603571786@...com>
Cc:     Daniel Vetter <daniel@...ll.ch>,
        Maling list - DRI developers 
        <dri-devel@...ts.freedesktop.org>,
        amd-gfx list <amd-gfx@...ts.freedesktop.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] drm/amd/display: fix a possible NULL pointer dereference
 in bios_parser_get_src_obj()

On Mon, Oct 19, 2020 at 8:38 AM estherbdf <603571786@...com> wrote:
>
> [Why] the func  bios_parser_get_src_obj () is similar to  bios_parser_get_dst_obj () which is fixed by the commit<a8f976473196>("drm/amd/display: Banch of smatch error and warning fixes in DC").
> the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
> [How] Initialized variable explicitly with NULL and add sanitizer.

I think the current code is safe as is.  get_src_obj_list() will
return 0 if *id_list is NULL and bios_parser_get_src_obj() checks if
number <= index.

Alex


>
> Signed-off-by: estherbdf <603571786@...com>
> ---
>  drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> index 008d4d1..94c6cca 100644
> --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c
> @@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
>         struct graphics_object_id *src_object_id)
>  {
>         uint32_t number;
> -       uint16_t *id;
> +       uint16_t *id = NULL;
>         ATOM_OBJECT *object;
>         struct bios_parser *bp = BP_FROM_DCB(dcb);
>
> @@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb,
>
>         number = get_src_obj_list(bp, object, &id);
>
> -       if (number <= index)
> +       if (number <= index || !id)
>                 return BP_RESULT_BADINPUT;
>
>         *src_object_id = object_id_from_bios_object_id(id[index]);
> --
> 1.9.1
>
>
> _______________________________________________
> amd-gfx mailing list
> amd-gfx@...ts.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ