[Intel-gfx] [PATCH 1/4] drm/i915: Sanity check DP AUX message buffer and size
David Weinehall
david.weinehall at linux.intel.com
Fri Jan 29 05:54:29 PST 2016
On Fri, Jan 29, 2016 at 02:52:26PM +0200, Imre Deak wrote:
> While we are calling intel_dp_aux_transfer() with msg->size=0 whenever
> msg->buffer is NULL, passing NULL to memcpy() is undefined according to
> the ISO C standard. I haven't found any notes about this in the GNU C's
> or the kernel's documentation of the function and can't imagine what it
> would do with the NULL ptr. To better document this use of the
> parameters it still make sense to add an explicit check for this to the
> code.
>
> Caught by Coverity.
>
> Signed-off-by: Imre Deak <imre.deak at intel.com>
Reviewed-by: David Weinehall <david.weinehall at intel.com>
> ---
> drivers/gpu/drm/i915/intel_dp.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
> index e2bea710..2aed36e 100644
> --- a/drivers/gpu/drm/i915/intel_dp.c
> +++ b/drivers/gpu/drm/i915/intel_dp.c
> @@ -979,7 +979,10 @@ intel_dp_aux_transfer(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg)
> if (WARN_ON(txsize > 20))
> return -E2BIG;
>
> - memcpy(txbuf + HEADER_SIZE, msg->buffer, msg->size);
> + if (msg->buffer)
> + memcpy(txbuf + HEADER_SIZE, msg->buffer, msg->size);
> + else
> + WARN_ON(msg->size);
>
> ret = intel_dp_aux_ch(intel_dp, txbuf, txsize, rxbuf, rxsize);
> if (ret > 0) {
> --
> 2.5.0
>
More information about the Intel-gfx
mailing list