[igt-dev] [PATCH i-g-t] tools/intel_vbt_decode: fix division by zero child device size
Jani Nikula
jani.nikula at intel.com
Wed Mar 1 09:30:39 UTC 2023
On Tue, 28 Feb 2023, Kamil Konieczny <kamil.konieczny at linux.intel.com> wrote:
> On 2023-02-28 at 12:18:07 +0200, Jani Nikula wrote:
>> Real world VBTs keep fuzzing our decoder, this time with a legacy child
>> devices block #11 that has child_dev_size 0, leading to division by
>> zero. Check for it, and bail out early, both for legacy and current
>> child device blocks.
>>
>> Signed-off-by: Jani Nikula <jani.nikula at intel.com>
>
> lgtm,
> Reviewed-by: Kamil Konieczny <kamil.konieczny at linux.intel.com>
Pushed, thanks for the review.
BR,
Jani.
>
> --
> Kamil
>
>> ---
>> tools/intel_vbt_decode.c | 14 ++++++++++----
>> 1 file changed, 10 insertions(+), 4 deletions(-)
>>
>> diff --git a/tools/intel_vbt_decode.c b/tools/intel_vbt_decode.c
>> index 8f707c1f822a..3294f74c2e7c 100644
>> --- a/tools/intel_vbt_decode.c
>> +++ b/tools/intel_vbt_decode.c
>> @@ -1118,8 +1118,6 @@ static void dump_general_definitions(struct context *context,
>> const struct bdb_general_definitions *defs = block_data(block);
>> int child_dev_num;
>>
>> - child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> -
>> printf("\tCRT DDC GMBUS addr: 0x%02x\n", defs->crt_ddc_gmbus_pin);
>> printf("\tUse DPMS on AIM devices: %s\n", YESNO(defs->dpms_aim));
>> printf("\tSkip CRT detect at boot: %s\n",
>> @@ -1129,6 +1127,11 @@ static void dump_general_definitions(struct context *context,
>> printf("\tBoot display type: 0x%02x%02x\n", defs->boot_display[1],
>> defs->boot_display[0]);
>> printf("\tChild device size: %d\n", defs->child_dev_size);
>> +
>> + if (!defs->child_dev_size)
>> + return;
>> +
>> + child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> printf("\tChild device count: %d\n", child_dev_num);
>>
>> dump_child_devices(context, defs->devices,
>> @@ -1141,9 +1144,12 @@ static void dump_legacy_child_devices(struct context *context,
>> const struct bdb_legacy_child_devices *defs = block_data(block);
>> int child_dev_num;
>>
>> - child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> -
>> printf("\tChild device size: %d\n", defs->child_dev_size);
>> +
>> + if (!defs->child_dev_size)
>> + return;
>> +
>> + child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> printf("\tChild device count: %d\n", child_dev_num);
>>
>> dump_child_devices(context, defs->devices,
>> --
>> 2.39.1
>>
--
Jani Nikula, Intel Open Source Graphics Center
More information about the igt-dev
mailing list