From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <error27@gmail.com>
Subject: drm_edid: potential range checking issue?
Date: Sun, 28 Mar 2010 14:25:58 +0300
Message-ID: <20100328112558.GM5069@bicker>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <dri-devel-bounces@lists.sourceforge.net>
Content-Disposition: inline
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=dri-devel>
List-Post: <mailto:dri-devel@lists.sourceforge.net>
List-Help: <mailto:dri-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: dri-devel-bounces@lists.sourceforge.net
To: dri-devel@lists.sourceforge.net
Cc: David Airlie <airlied@linux.ie>
List-Id: dri-devel@lists.freedesktop.org

Hi list,  :)

Just going through some Smatch warnings.

drivers/gpu/drm/drm_edid.c +1032 add_detailed_modes() 'data->data.timings' 5 <= 5
  1027                  /* Six modes per detailed section */
  1028                  for (i = 0; i < 6; i++) {
  1029                          struct std_timing *std;
  1030                          struct drm_display_mode *newmode;
  1031
  1032                          std = &data->data.timings[i];
                                      ^^^^^^^^^^^^^^^^^^^^^^

In include/drm/drm_edid.h this array has 5 elements not 6.

struct detailed_non_pixel {
        u8 pad1;
        u8 type; /* ff=serial, fe=string, fd=monitor range, fc=monitor name
                    fb=color point data, fa=standard timing data,
                    f9=undefined, f8=mfg. reserved */
        u8 pad2;
        union {         
                struct detailed_data_string str;
                struct detailed_data_monitor_range range;
                struct detailed_data_wpindex color;
                struct std_timing timings[5];
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                struct cvt_timing cvt[4];
        } data; 
} __attribute__((packed));

regards,
dan carpenter

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
--