[PATCH] drm/amd: Fix an out of bounds error in BIOS parser

[Harry Wentland]

On 4/2/23 18:08, Mario Limonciello wrote:
> The array is hardcoded to 8 in atomfirmware.h, but firmware provides
> a bigger one sometimes. Deferencing the larger array causes an out
> of bounds error.
> 
> commit 4fc1ba4aa589 ("drm/amd/display: fix array index out of bound error
> in bios parser") fixed some of this, but there are two other cases
> not covered by it.  Fix those as well.
> 
> Reported-by: erhard_f at mailbox.org
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=214853
> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2473
> Signed-off-by: Mario Limonciello <mario.limonciello at amd.com>

Reviewed-by: Harry Wentland <harry.wentland at amd.com>

Harry

> ---
>  drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
> index e381de2429fa..ae3783a7d7f4 100644
> --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
> +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
> @@ -515,11 +515,8 @@ static enum bp_result get_gpio_i2c_info(
>  	info->i2c_slave_address = record->i2c_slave_addr;
>  
>  	/* TODO: check how to get register offset for en, Y, etc. */
> -	info->gpio_info.clk_a_register_index =
> -			le16_to_cpu(
> -			header->gpio_pin[table_index].data_a_reg_index);
> -	info->gpio_info.clk_a_shift =
> -			header->gpio_pin[table_index].gpio_bitshift;
> +	info->gpio_info.clk_a_register_index = le16_to_cpu(pin->data_a_reg_index);
> +	info->gpio_info.clk_a_shift = pin->gpio_bitshift;
>  
>  	return BP_RESULT_OK;
>  }