[Intel-gfx] [PATCH i-g-t 1/8] tools/intel_vbt_decode: make a copy of child devices before dumping

Jani Nikula jani.nikula at intel.com
Thu Oct 19 15:22:52 UTC 2017


Take child device size into account, avoid reading past the actual child
device.

Signed-off-by: Jani Nikula <jani.nikula at intel.com>
---
 tools/intel_vbt_decode.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tools/intel_vbt_decode.c b/tools/intel_vbt_decode.c
index 948dc29dd114..499dcb065745 100644
--- a/tools/intel_vbt_decode.c
+++ b/tools/intel_vbt_decode.c
@@ -36,6 +36,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
+#include "igt_aux.h"
 #include "intel_io.h"
 #include "intel_chipset.h"
 #include "drmtest.h"
@@ -475,6 +476,7 @@ static void dump_general_definitions(struct context *context,
 				     const struct bdb_block *block)
 {
 	const struct bdb_general_definitions *defs = block->data;
+	struct child_device_config *child;
 	int i;
 	int child_device_num;
 
@@ -489,8 +491,22 @@ static void dump_general_definitions(struct context *context,
 	printf("\tChild device size: %d\n", defs->child_dev_size);
 	child_device_num = (block->size - sizeof(*defs)) /
 		defs->child_dev_size;
-	for (i = 0; i < child_device_num; i++)
-		dump_child_device(context, (const void*)&defs->devices[i * defs->child_dev_size]);
+
+	/*
+	 * Use a temp buffer so dump_child_device() doesn't have to worry about
+	 * accessing the struct beyond child_dev_size. The tail, if any, remains
+	 * initialized to zero.
+	 */
+	child = calloc(1, sizeof(*child));
+
+	for (i = 0; i < child_device_num; i++) {
+		memcpy(child, &defs->devices[i * defs->child_dev_size],
+		       min(sizeof(*child), defs->child_dev_size));
+
+		dump_child_device(context, child);
+	}
+
+	free(child);
 }
 
 static void dump_legacy_child_devices(struct context *context,
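Review bot: The `calloc()` result is used without a check, so an allocation failure would make the `memcpy()` in the loop write through a NULL pointer; adding `if (!child) return;` right after the allocation would close that. Separately, `defs->child_dev_size` is read from the VBT being decoded and is the divisor in the context lines just above the new code, so a blob with a zero child device size would still fault before the copy is reached; a guard such as `if (!defs->child_dev_size) return;` ahead of the division would cover it. The subtraction `block->size - sizeof(*defs)` also looks like it could wrap when the block is shorter than the fixed header, which would inflate `child_device_num` and move the `memcpy()` source past the block, though the type of `block->size` is not visible here. The start of dump_general_definitions is outside this hunk.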
-- 
2.11.0


