| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 9 Oct 2022 17:47:36 -0700
From: Palmer Dabbelt <palmer@...osinc.com>
To: alexander.deucher@....com
Cc: harry.wentland@....com, sunpeng.li@....com,
Rodrigo.Siqueira@....com, christian.koenig@....com,
Xinhui.Pan@....com, airlied@...il.com, daniel@...ll.ch,
Alvin.Lee2@....com, aurabindo.pillai@....com,
Pavle.Kotarac@....com, alex.hung@....com,
Palmer Dabbelt <palmer@...osinc.com>, Jimmy.Kizito@....com,
hersenwu@....com, hanghong.ma@....com, paul.hsieh@....com,
amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, linux@...osinc.com
Subject: [PATCH] drm/amd/display: fix another array-bounds error in dc_stream_remove_writeback()
From: Palmer Dabbelt <palmer@...osinc.com>
Without this I get some warnings. I get the following with GCC 11:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: warning: array subscript 1 is above array bounds of ‘struct dc_writeback_info[1]’ [-Warray-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];
| ~~~~~~~~~~~~~~~~~~~~~~^~~
In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
| ^~~~~~~~~~~~~~
and something slightly different with GCC 12:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
rivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];
| ~~~~~~~~~~~~~~~~~~~~~~^~~
In file included from drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
from drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
from drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing 'writeback_info'
241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
| ^~~~~~~~~~~~~~
This fixes both warnings for me.
I'm not sure how sane it is, as MAX_DWB_PIPES is 1 so the loop now
doesn't do anything: i and j are both 0, so they're always equal, so no
trimming is ever done. IIUC that was the case before, though, as the
only way this could trigger would result in an out of bounds array
access.
Signed-off-by: Palmer Dabbelt <palmer@...osinc.com>
---
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
index ae13887756bf..b64cef17afba 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -520,7 +520,7 @@ bool dc_stream_remove_writeback(struct dc *dc,
}
/* remove writeback info for disabled writeback pipes from stream */
- for (i = 0, j = 0; i < stream->num_wb_info && j < MAX_DWB_PIPES; i++) {
+ for (i = 0, j = 0; i < stream->num_wb_info && i < MAX_DWB_PIPES && j < MAX_DWB_PIPES; i++) {
if (stream->writeback_info[i].wb_enabled) {
if (i != j)
/* trim the array */
--
2.34.1
Powered by blists - more mailing lists