drm: update VIA driver to 2.7.2
Dan Carpenter
dan.carpenter at oracle.com
Wed Dec 11 02:11:50 PST 2013
Hello Dave Airlie,
The patch 925142431bd6: "drm: update VIA driver to 2.7.2" from Nov
12, 2005, leads to the following static checker warning:
drivers/gpu/drm/via/via_irq.c:242 via_driver_irq_wait()
error: buffer overflow 'masks' 4 <= 5
drivers/gpu/drm/via/via_irq.c
225 if (irq >= drm_via_irq_num) {
This used to test for "irq >= dev_priv->num_irqs" but we raise it to
drm_via_irq_num.
226 DRM_ERROR("Trying to wait on unknown irq %d\n", irq);
227 return -EINVAL;
228 }
229
230 real_irq = dev_priv->irq_map[irq];
231
232 if (real_irq < 0) {
233 DRM_ERROR("Video IRQ %d not available on this hardware.\n",
234 irq);
235 return -EINVAL;
236 }
237
238 masks = dev_priv->irq_masks;
There are dev_priv->num_irqs elements in the dev_priv->irq_masks[]
array.
239 cur_irq = dev_priv->via_irqs + real_irq;
240
241 if (masks[real_irq][2] && !force_sequence) {
242 DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ,
243 ((VIA_READ(masks[irq][2]) & masks[irq][3]) ==
^^^^^^^^^^
Smatch is complaining because "irq" is out of bounds now that we raised
the limit on line 225. Should we be using "masks[real_irq][2]" here?
244 masks[irq][4]));
245 cur_irq_sequence = atomic_read(&cur_irq->irq_received);
246 } else {
247 DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ,
248 (((cur_irq_sequence =
249 atomic_read(&cur_irq->irq_received)) -
250 *sequence) <= (1 << 23)));
251 }
regards,
dan carpenter
More information about the dri-devel
mailing list