drm/nvd0/disp: initial crtc object implementation
Dan Carpenter
dan.carpenter at oracle.com
Tue Nov 26 13:30:27 PST 2013
Hello Ben Skeggs,
The patch 438d99e3b175: "drm/nvd0/disp: initial crtc object
implementation" from Jul 5, 2011, leads to the following
static checker warning: "drivers/gpu/drm/nouveau/nv50_display.c:1272
nv50_crtc_gamma_set()
error: buffer overflow 'nv_crtc->lut.r' 256 <= 256"
drivers/gpu/drm/nouveau/nv50_display.c
1263 static void
1264 nv50_crtc_gamma_set(struct drm_crtc *crtc, u16 *r, u16 *g, u16 *b,
1265 uint32_t start, uint32_t size)
1266 {
1267 struct nouveau_crtc *nv_crtc = nouveau_crtc(crtc);
1268 u32 end = max(start + size, (u32)256);
1269 u32 i;
1270
1271 for (i = start; i < end; i++) {
1272 nv_crtc->lut.r[i] = r[i];
^^^^^^^^
These arrays have 256 elements so going beyond seems like a bug. Should
the end = max() be a min() or something?
1273 nv_crtc->lut.g[i] = g[i];
1274 nv_crtc->lut.b[i] = b[i];
1275 }
1276
1277 nv50_crtc_lut_load(crtc);
1278 }
regards,
dan carpenter
More information about the dri-devel
mailing list