[bug report] drm/amd/display: Initial DC support for Beige Goby
Dan Carpenter
dan.carpenter at oracle.com
Tue Jul 26 15:18:39 UTC 2022
Hello Aurabindo Pillai,
The patch cd6d421e3d1a: "drm/amd/display: Initial DC support for
Beige Goby" from Mar 15, 2021, leads to the following Smatch static
checker warnings:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c:392 dcn303_stream_encoder_create()
error: buffer overflow 'stream_enc_regs' 2 <= 4
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn301/dcn301_resource.c:1024
dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn303/dcn303_resource.c
366 static struct stream_encoder *dcn303_stream_encoder_create(enum engine_id eng_id, struct dc_context *ctx)
367 {
368 struct dcn10_stream_encoder *enc1;
369 struct vpg *vpg;
370 struct afmt *afmt;
371 int vpg_inst;
372 int afmt_inst;
373
374 /* Mapping of VPG, AFMT, DME register blocks to DIO block instance */
375 if (eng_id <= ENGINE_ID_DIGE) {
^^^^^^^^^^^^^^^^^^^^^^^^
This check tells us that eng_id can be anything up to ENGINE_ID_DIGE, i.e. eng_id <= 4.
376 vpg_inst = eng_id;
377 afmt_inst = eng_id;
378 } else
379 return NULL;
380
381 enc1 = kzalloc(sizeof(struct dcn10_stream_encoder), GFP_KERNEL);
382 vpg = dcn303_vpg_create(ctx, vpg_inst);
383 afmt = dcn303_afmt_create(ctx, afmt_inst);
384
385 if (!enc1 || !vpg || !afmt) {
386 kfree(enc1);
387 kfree(vpg);
388 kfree(afmt);
389 return NULL;
390 }
391
--> 392 dcn30_dio_stream_encoder_construct(enc1, ctx, ctx->dc_bios, eng_id, vpg, afmt, &stream_enc_regs[eng_id],
^^^^^^^^^^^^^^^
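But stream_enc_regs has only 2 elements (the "2 <= 4" in the warning is the
array size versus the largest possible index), so any index greater than 1 is
out of bounds and &stream_enc_regs[eng_id] can point past the end of the array.
The dcn301 code is basically the same: per the warning, a 4-element array
indexed by values up to 5.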
393 &se_shift, &se_mask);
394
395 return &enc1->base;
396 }
regards,
dan carpenter