lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221006172337.GA753466@roeck-us.net>
Date:   Thu, 6 Oct 2022 10:23:37 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Hamza Mahfooz <hamza.mahfooz@....com>
Cc:     linux-kernel@...r.kernel.org,
        Harry Wentland <harry.wentland@....com>,
        Leo Li <sunpeng.li@....com>,
        Rodrigo Siqueira <Rodrigo.Siqueira@....com>,
        Alex Deucher <alexander.deucher@....com>,
        Christian König <christian.koenig@....com>,
        "Pan, Xinhui" <Xinhui.Pan@....com>,
        David Airlie <airlied@...ux.ie>,
        Daniel Vetter <daniel@...ll.ch>,
        "Lee, Alvin" <Alvin.Lee2@....com>, Alex Hung <alex.hung@....com>,
        Pavle Kotarac <Pavle.Kotarac@....com>,
        Stylon Wang <stylon.wang@....com>,
        Aurabindo Pillai <aurabindo.pillai@....com>,
        "Leo (Hanghong) Ma" <hanghong.ma@....com>,
        Hersen Wu <hersenwu@....com>, Paul Hsieh <paul.hsieh@....com>,
        Jimmy Kizito <Jimmy.Kizito@....com>,
        amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        regressions@...ts.linux.dev
Subject: Re: [PATCH] drm/amd/display: fix array-bounds error in
 dc_stream_remove_writeback()

On Wed, Oct 05, 2022 at 11:46:15PM -0700, Guenter Roeck wrote:
> On Tue, Sep 27, 2022 at 03:12:00PM -0400, Hamza Mahfooz wrote:
> > Address the following error:
> > drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
> > drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:55: error: array subscript [0, 0] is outside array bounds of ‘struct dc_writeback_info[1]’ [-Werror=array-bounds]
> >   527 |                                 stream->writeback_info[j] = stream->writeback_info[i];
> >       |                                 ~~~~~~~~~~~~~~~~~~~~~~^~~
> > In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
> >                  from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
> >                  from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
> >                  from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
> > ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
> >   241 |         struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
> >       |
> > 
> > Currently, we aren't checking to see if j remains within
> > writeback_info[]'s bounds. So, add a check to make sure that we aren't
> > overflowing the buffer.
> > 
> > Signed-off-by: Hamza Mahfooz <hamza.mahfooz@....com>
> 
> With gcc 11.3, this patch doesn't fix a problem, it introduces one.
> 
> Building csky:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript 1 is above array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
>   527 |                                 stream->writeback_info[j] = stream->writeback_info[i];
> 
> Building mips:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
>   527 |                                 stream->writeback_info[j] = stream->writeback_info[i];
> 
> Building arm:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
>   527 |                                 stream->writeback_info[j] = stream->writeback_info[i];
> 

#regzbot introduced: 5d8c3e836fc2

Complete list of build failures in my test system due to this patch,
observed when building with gcc 11.3:

Build results:
	total: 149 pass: 131 fail: 18
Failed builds:
	alpha:allmodconfig
	arm:allmodconfig
	arm64:allmodconfig
	csky:allmodconfig
	i386:allyesconfig
	i386:allmodconfig
	mips:allmodconfig
	openrisc:allmodconfig
	parisc:allmodconfig
	powerpc:allmodconfig
	powerpc:ppc32_allmodconfig
	riscv32:allmodconfig
	riscv:allmodconfig
	s390:allmodconfig
	sparc64:allmodconfig
	x86_64:allyesconfig
	x86_64:allmodconfig
	xtensa:allmodconfig

Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ