<pre>
Hi, Jason:

On Fri, 2023-04-07 at 14:46 +0800, Jason-JH.Lin wrote:
> CERT-C Characters and Strings (CERT STR31-C)
> all_drm_priv[cnt] evaluates to an address that could be at negative
> offset of an array.
>
> In mtk_drm_get_all_drm_priv():
> Guarantee that storage for strings has sufficient space for character
> data and the null terminator.
>
> So change cnt to unsigned int and check its max value.
>
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195
> multi mmsys support")
> ---
> drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> index 86255a066faf..fcfa10332166 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
> @@ -378,7 +378,7 @@ static bool mtk_drm_get_all_drm_priv(struct
> device *dev)
> const struct of_device_id *of_id;
> struct device_node *node;
> struct device *drm_dev;
> -int cnt = 0;
> +unsigned int cnt = 0;
> int i, j;
>
> for_each_child_of_node(phandle->parent, node) {
> @@ -397,7 +397,7 @@ static bool mtk_drm_get_all_drm_priv(struct
> device *dev)
> continue;
>
> all_drm_priv[cnt] = dev_get_drvdata(drm_dev);
> -if (all_drm_priv[cnt] && all_drm_priv[cnt]-
> >mtk_drm_bound)
> +if (cnt < MAX_CRTC && all_drm_priv[cnt] &&
> all_drm_priv[cnt]->mtk_drm_bound)
> cnt++;


I would like to add below statement here:

if (cnt == MAX_CRTC)
break;

Regards,
CK

> }
>

</pre><!--type:text--><!--{--><pre>************* MEDIATEK Confidentiality Notice ********************
The information contained in this e-mail message (including any 
attachments) may be confidential, proprietary, privileged, or otherwise
exempt from disclosure under applicable laws. It is intended to be 
conveyed only to the designated recipient(s). Any use, dissemination, 
distribution, printing, retaining or copying of this e-mail (including its 
attachments) by unintended recipient(s) is strictly prohibited and may 
be unlawful. If you are not an intended recipient of this e-mail, or believe 
that you have received this e-mail in error, please notify the sender 
immediately (by replying to this e-mail), delete any and all copies of 
this e-mail (including any attachments) from your system, and do not
disclose the content of this e-mail to any other person. Thank you!
</pre><!--}-->