| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202211100842.076585A@keescook>
Date: Thu, 10 Nov 2022 08:42:57 -0800
From: coverity-bot <keescook@...omium.org>
To: Ben Skeggs <bskeggs@...hat.com>
Cc: Thomas Zimmermann <tzimmermann@...e.de>,
linux-kernel@...r.kernel.org, Daniel Vetter <daniel@...ll.ch>,
Lyude Paul <lyude@...hat.com>,
Karol Herbst <kherbst@...hat.com>,
David Airlie <airlied@...il.com>,
dri-devel@...ts.freedesktop.org, nouveau@...ts.freedesktop.org,
Jani Nikula <jani.nikula@...el.com>,
Dave Airlie <airlied@...hat.com>,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
linux-next@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Coverity: nv50_hdmi_enable(): OVERRUN
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221110 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Wed Nov 9 08:22:02 2022 +1000
f530bc60a30b ("drm/nouveau/disp: move HDMI config into acquire + infoframe methods")
Coverity reported the following:
*** CID 1527272: (OVERRUN)
drivers/gpu/drm/nouveau/dispnv50/disp.c:801 in nv50_hdmi_enable()
795
796 size = hdmi_infoframe_pack(&infoframe, args.data, 17);
797 } else {
798 size = 0;
799 }
800
vvv CID 1527272: (OVERRUN)
vvv Overrunning struct type nvif_outp_infoframe_v0 of 8 bytes by passing it to a function which accesses it at byte offset 21 using argument "size" (which evaluates to 14).
801 nvif_outp_infoframe(&nv_encoder->outp, NVIF_OUTP_INFOFRAME_V0_AVI, &args.infoframe, size);
802
803 /* Vendor InfoFrame. */
804 if (!drm_hdmi_vendor_infoframe_from_display_mode(&infoframe.vendor.hdmi,
805 &nv_connector->base, mode))
806 size = hdmi_infoframe_pack(&infoframe, args.data, 17);
drivers/gpu/drm/nouveau/dispnv50/disp.c:810 in nv50_hdmi_enable()
804 if (!drm_hdmi_vendor_infoframe_from_display_mode(&infoframe.vendor.hdmi,
805 &nv_connector->base, mode))
806 size = hdmi_infoframe_pack(&infoframe, args.data, 17);
807 else
808 size = 0;
809
vvv CID 1527272: (OVERRUN)
vvv Overrunning struct type nvif_outp_infoframe_v0 of 8 bytes by passing it to a function which accesses it at byte offset 21 using argument "size" (which evaluates to 14).
810 nvif_outp_infoframe(&nv_encoder->outp, NVIF_OUTP_INFOFRAME_V0_VSI, &args.infoframe, size);
811
812 nv50_audio_enable(encoder, nv_crtc, nv_connector, state, mode);
813 }
814
815 /******************************************************************************
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@...omium.org>
Addresses-Coverity-ID: 1527272 ("OVERRUN")
Fixes: f530bc60a30b ("drm/nouveau/disp: move HDMI config into acquire + infoframe methods")
It looks like this should address &args not &args.infoframe, if the
intention is to include the "data" member.
Thanks for your attention!
--
Coverity-bot
Powered by blists - more mailing lists