drm/nouveau: port all engines to new engine module format
Dan Carpenter
dan.carpenter at oracle.com
Mon Mar 11 03:55:32 PDT 2013
Hello Ben Skeggs,
The patch ebb945a94bba: "drm/nouveau: port all engines to new engine
module format" from Jul 20, 2012, leads to the following warning:
"drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c:570
nvc0_graph_ctor()
error: buffer overflow 'priv->tpc_nr' 4 <= 30"
drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c
566
567 priv->rop_nr = (nv_rd32(priv, 0x409604) & 0x001f0000) >> 16;
568 priv->gpc_nr = nv_rd32(priv, 0x409604) & 0x0000001f;
^^^^^^^^^^^^
setting this to something between 0 and 0x1f.
569 for (i = 0; i < priv->gpc_nr; i++) {
570 priv->tpc_nr[i] = nv_rd32(priv, GPC_UNIT(i, 0x2608));
^^^^^^^^^^^^^^^
If ->gpc_nr is more than 4 we are writing past the end of the array.
571 priv->tpc_total += priv->tpc_nr[i];
572 }
573
regards,
dan carpenter
More information about the dri-devel
mailing list