[PATCH 1/4] drm/displayid: add displayid_get_header() and check bounds better
Dmitry Osipenko
dmitry.osipenko at collabora.com
Tue Feb 21 16:27:17 UTC 2023
On 2/16/23 23:44, Jani Nikula wrote:
> Add a helper to get a pointer to struct displayid_header. To be
> pedantic, add buffer overflow checks to not touch the base if that
> itself would overflow.
>
> Cc: Iaroslav Boliukin <iam at lach.pw>
> Cc: Dmitry Osipenko <dmitry.osipenko at collabora.com>
> Signed-off-by: Jani Nikula <jani.nikula at intel.com>
> ---
> drivers/gpu/drm/drm_displayid.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c
> index 38ea8203df45..7d03159dc146 100644
> --- a/drivers/gpu/drm/drm_displayid.c
> +++ b/drivers/gpu/drm/drm_displayid.c
> @@ -7,13 +7,28 @@
> #include <drm/drm_edid.h>
> #include <drm/drm_print.h>
>
> +static const struct displayid_header *
> +displayid_get_header(const u8 *displayid, int length, int index)
> +{
> + const struct displayid_header *base;
> +
> + if (sizeof(*base) > length - index)
> + return ERR_PTR(-EINVAL);
> +
> + base = (const struct displayid_header *)&displayid[index];
> +
> + return base;
> +}
> +
> static int validate_displayid(const u8 *displayid, int length, int idx)
> {
> int i, dispid_length;
> u8 csum = 0;
> const struct displayid_header *base;
>
> - base = (const struct displayid_header *)&displayid[idx];
> + base = displayid_get_header(displayid, length, idx);
> + if (IS_ERR(base))
> + return PTR_ERR(base);
>
> DRM_DEBUG_KMS("base revision 0x%x, length %d, %d %d\n",
> base->rev, base->bytes, base->prod_id, base->ext_count);
Tested-by: Dmitry Osipenko <dmitry.osipenko at collabora.com>
Reviewed-by: Dmitry Osipenko <dmitry.osipenko at collabora.com>
--
Best regards,
Dmitry
More information about the dri-devel
mailing list