[PATCH] drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()'
SRINIVASAN SHANMUGAM
srinivasan.shanmugam at amd.com
Tue Jan 30 09:48:21 UTC 2024
+ Cc: Tom Chung <chiahsuan.chung at amd.com>
On 1/29/2024 9:19 PM, Srinivasan Shanmugam wrote:
> The error message buffer overflow 'dc->links' 12 <= 12 suggests that the
> code is trying to access an element of the dc->links array that is
> beyond its bounds. In C, arrays are zero-indexed, so an array with 12
> elements has valid indices from 0 to 11. Trying to access dc->links[12]
> would be an attempt to access the 13th element of a 12-element array,
> which is a buffer overflow.
>
> To fix this, ensure that the loop does not go beyond the last valid
> index when accessing dc->links[i + 1] by subtracting 1 from the loop
> condition.
>
> This would ensure that i + 1 is always a valid index in the array.
>
> Fixes the below:
> drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_dp_dpia_bw.c:208 get_host_router_total_dp_tunnel_bw() error: buffer overflow 'dc->links' 12 <= 12
>
> Fixes: 9ed0893b7c58 ("drm/amd/display: Add dpia display mode validation logic")
> Cc: PeiChen Huang<peichen.huang at amd.com>
> Cc: Aric Cyr<aric.cyr at amd.com>
> Cc: Rodrigo Siqueira<rodrigo.siqueira at amd.com>
> Cc: Aurabindo Pillai<aurabindo.pillai at amd.com>
> Cc: Meenakshikumar Somasundaram<meenakshikumar.somasundaram at amd.com>
> Signed-off-by: Srinivasan Shanmugam<srinivasan.shanmugam at amd.com>
> ---
> drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c
> index dd0d2b206462..5491b707cec8 100644
> --- a/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c
> +++ b/drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c
> @@ -196,7 +196,7 @@ static int get_host_router_total_dp_tunnel_bw(const struct dc *dc, uint8_t hr_in
> struct dc_link *link_dpia_primary, *link_dpia_secondary;
> int total_bw = 0;
>
> - for (uint8_t i = 0; i < MAX_PIPES * 2; ++i) {
> + for (uint8_t i = 0; i < (MAX_PIPES * 2) - 1; ++i) {
>
> if (!dc->links[i] || dc->links[i]->ep_type != DISPLAY_ENDPOINT_USB4_DPIA)
> continue;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/amd-gfx/attachments/20240130/664df2e2/attachment-0001.htm>
More information about the amd-gfx
mailing list