Date:   Wed, 5 Jan 2022 13:11:22 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org, Aurabindo Pillai <aurabindo.pillai@....com>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org,
        Alex Deucher <alexander.deucher@....com>,
        Chris Park <Chris.Park@....com>
Subject: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c:533 dcn303_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 2 <= 4

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   3f667b5d4053ad54aee13dab5c94f04ff75ddfdf
commit: cd6d421e3d1ad5926b74091254e345db730e7706 drm/amd/display: Initial DC support for Beige Goby
config: x86_64-randconfig-m001-20211207 (https://download.01.org/0day-ci/archive/20211219/202112190934.db7anVBT-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

New smatch warnings:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c:533 dcn303_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 2 <= 4

Old smatch warnings:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c:531 dcn303_stream_encoder_create() warn: possible memory leak of 'enc1'

vim +/stream_enc_regs +533 drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c

cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  511  static struct stream_encoder *dcn303_stream_encoder_create(enum engine_id eng_id, struct dc_context *ctx)
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  512  {
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  513  	struct dcn10_stream_encoder *enc1;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  514  	struct vpg *vpg;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  515  	struct afmt *afmt;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  516  	int vpg_inst;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  517  	int afmt_inst;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  518  
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  519  	/* Mapping of VPG, AFMT, DME register blocks to DIO block instance */
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  520  	if (eng_id <= ENGINE_ID_DIGE) {
                                                            ^^^^^^^^^^^^^^^^^^^^^^^^
eng_id <= 4

cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  521  		vpg_inst = eng_id;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  522  		afmt_inst = eng_id;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  523  	} else
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  524  		return NULL;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  525  
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  526  	enc1 = kzalloc(sizeof(struct dcn10_stream_encoder), GFP_KERNEL);
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  527  	vpg = dcn303_vpg_create(ctx, vpg_inst);
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  528  	afmt = dcn303_afmt_create(ctx, afmt_inst);
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  529  
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  530  	if (!enc1 || !vpg || !afmt)
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  531  		return NULL;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  532  
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15 @533  	dcn30_dio_stream_encoder_construct(enc1, ctx, ctx->dc_bios, eng_id, vpg, afmt, &stream_enc_regs[eng_id],
                                                                                                                                       ^^^^^^^^^^^^^^^^^^^^^^^^
Out of bounds.  (I have not reviewed the context but these warnings are
pretty reliable).

cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  534  			&se_shift, &se_mask);
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  535  
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  536  	return &enc1->base;
cd6d421e3d1ad5 Aurabindo Pillai 2021-03-15  537  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
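As an added example, not part of Dan Carpenter's report or the amdgpu driver, the C program below models the pattern smatch flagged: the accepted range of `eng_id` is bounded by an enum value (`ENGINE_ID_DIGE`, which the warning evaluates to 4) while the register table it indexes has only 2 entries. The enum, the register struct and the table contents are constructed stand-ins chosen to reproduce the "2 <= 4" numbers from the warning; the hardened lookup derives its bound from the table with an `ARRAY_SIZE` macro so the check cannot drift from the enum, and returns NULL instead of forming an out-of-bounds pointer.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the driver's engine enum: the accepted range in the
 * original check ends at ENGINE_ID_DIGE, which smatch evaluates to 4. */
enum engine_id {
	ENGINE_ID_DIGA = 0,
	ENGINE_ID_DIGB,
	ENGINE_ID_DIGC,
	ENGINE_ID_DIGD,
	ENGINE_ID_DIGE,          /* == 4 */
};

/* Constructed stand-in; the real register struct has many fields. */
struct dcn10_stream_enc_registers {
	unsigned int base;
};

/* Constructed table with the same element count (2) named in the warning. */
static const struct dcn10_stream_enc_registers stream_enc_regs[2] = {
	{ 0x1000 }, { 0x2000 },
};

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* The original predicate: admits any id up to DIGE, i.e. indices 0..4,
 * without consulting the size of the table that id will index. */
static bool original_range_check_accepts(int eng_id)
{
	return eng_id <= ENGINE_ID_DIGE;
}

/* Hardened lookup: the bound comes from the table itself, negative ids are
 * rejected too, and callers get NULL rather than an out-of-bounds pointer. */
static const struct dcn10_stream_enc_registers *stream_enc_regs_lookup(int eng_id)
{
	if (eng_id < 0 || (size_t)eng_id >= ARRAY_SIZE(stream_enc_regs))
		return NULL;
	return &stream_enc_regs[eng_id];
}

/* Count the ids the original check lets through that the table cannot serve;
 * for this constructed layout that is ids 2, 3 and 4. */
static int count_ids_accepted_but_out_of_table(void)
{
	int n = 0;

	for (int id = ENGINE_ID_DIGA; id <= ENGINE_ID_DIGE; id++)
		if (original_range_check_accepts(id) && !stream_enc_regs_lookup(id))
			n++;
	return n;
}

int main(void)
{
	printf("ids accepted by 'eng_id <= ENGINE_ID_DIGE' but outside stream_enc_regs: %d\n",
	       count_ids_accepted_but_out_of_table());
	return 0;
}
```

The defensive point is that a range check expressed in terms of an enum says nothing about the array being indexed; checking against `ARRAY_SIZE()` of the actual table (as the kernel's own `ARRAY_SIZE` macro allows) keeps the two from diverging when one is extended and the other is not.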
