[radeon] connector_info_from_object_table
Alex Deucher
alexdeucher at gmail.com
Thu Nov 18 22:26:20 UTC 2021
On Thu, Nov 18, 2021 at 11:37 AM Amol <suratiamol at gmail.com> wrote:
>
> Hello,
>
> The function radeon_get_atom_connector_info_from_object_table,
> at location [1], ends up parsing ATOM_COMMON_TABLE_HEADER
> as ATOM_COMMON_RECORD_HEADER if
> enc_obj->asObjects[k].usRecordOffset is zero. It is found to be zero
> in the BIOS found at [2].
>
> Thankfully, the loop that follows exits immediately since ucRecordSize
> is 0 because
> (ATOM_COMMON_TABLE_HEADER.usStructureSize & 0xff00) is zero.
> But, with suitable values in the usStructureSize, the loop can be made to
> run and parse garbage.
>
> A similar loop exists when parsing the conn objects.
Can you send a patch to make it more robust?
Thanks,
Alex
>
> -Amol
>
> [1] https://github.com/torvalds/linux/blob/master/drivers/gpu/drm/radeon/radeon_atombios.c#L652
> [2] https://www.techpowerup.com/vgabios/211981/211981
More information about the amd-gfx
mailing list