[PATCH] drm/amdgpu: avoid a possible array overflow
Christian König
deathsimple at vodafone.de
Wed Aug 24 17:42:18 UTC 2016
Am 24.08.2016 um 18:34 schrieb Alex Deucher:
> When looking up the connector type make sure the index
> is valid. Avoids a later crash if we read past the end
> of the array.
>
> Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
Reviewed-by: Christian König <christian.koenig at amd.com>.
> Cc: stable at vger.kernel.org
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
> index 9831753..1514223 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
> @@ -321,6 +321,12 @@ bool amdgpu_atombios_get_connector_info_from_object_table(struct amdgpu_device *
> (le16_to_cpu(path->usConnObjectId) &
> OBJECT_TYPE_MASK) >> OBJECT_TYPE_SHIFT;
>
> + if (con_obj_id >= ARRAY_SIZE(object_connector_convert)) {
> + DRM_ERROR("invalid con_obj_id %d for device tag 0x%04x\n",
> + con_obj_id, le16_to_cpu(path->usDeviceTag));
> + continue;
> + }
> +
> connector_type =
> object_connector_convert[con_obj_id];
> connector_object_id = con_obj_id;
More information about the amd-gfx
mailing list