[PATCH] drm/amd/display: Fix possible buffer overflow in 'find_dcfclk_for_voltage()'

Li, Roman Roman.Li at amd.com
Fri Feb 9 15:20:34 UTC 2024


[Public]

> -----Original Message-----
> From: SHANMUGAM, SRINIVASAN <SRINIVASAN.SHANMUGAM at amd.com>
> Sent: Tuesday, February 6, 2024 11:55 PM
> To: Siqueira, Rodrigo <Rodrigo.Siqueira at amd.com>; Pillai, Aurabindo
> <Aurabindo.Pillai at amd.com>
> Cc: amd-gfx at lists.freedesktop.org; SHANMUGAM, SRINIVASAN
> <SRINIVASAN.SHANMUGAM at amd.com>; Li, Roman <Roman.Li at amd.com>
> Subject: [PATCH] drm/amd/display: Fix possible buffer overflow in
> 'find_dcfclk_for_voltage()'
>
> when 'find_dcfclk_for_voltage()' function is looping over
> VG_NUM_SOC_VOLTAGE_LEVELS (which is 8), but the size of the DcfClocks
> array is VG_NUM_DCFCLK_DPM_LEVELS (which is 7).
>
> When the loop variable i reaches 7, the function tries to access clock_table-
> >DcfClocks[7]. However, since the size of the DcfClocks array is 7, the valid
> indices are 0 to 6. Index 7 is beyond the size of the array, leading to a buffer
> overflow.
>
> Fixes the below:
> drivers/gpu/drm/amd/amdgpu/../display/dc/clk_mgr/dcn301/vg_clk_mgr.c:
> 550 find_dcfclk_for_voltage() error: buffer overflow 'clock_table->DcfClocks' 7
> <= 7

I recommend mentioning that this is a static analysis tool error.
With that:
Reviewed-by: Roman Li <roman.li at amd.com>

>
> Fixes: 3a83e4e64bb1 ("drm/amd/display: Add dcn3.01 support to DC (v2)")
> Cc: Roman Li <Roman.Li at amd.com>
> Cc: Rodrigo Siqueira <Rodrigo.Siqueira at amd.com>
> Cc: Aurabindo Pillai <aurabindo.pillai at amd.com>
> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam at amd.com>
> ---
>  drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c
> b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c
> index a5489fe6875f..aa9fd1dc550a 100644
> --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c
> +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c
> @@ -546,6 +546,8 @@ static unsigned int find_dcfclk_for_voltage(const
> struct vg_dpm_clocks *clock_ta
>       int i;
>
>       for (i = 0; i < VG_NUM_SOC_VOLTAGE_LEVELS; i++) {
> +             if (i >= VG_NUM_DCFCLK_DPM_LEVELS)
> +                     break;
>               if (clock_table->SocVoltage[i] == voltage)
>                       return clock_table->DcfClocks[i];
>       }
> --
> 2.34.1



More information about the amd-gfx mailing list