From: Rodrigo Vivi <rodrigo.vivi@intel.com>
To: Luca Coelho <luciano.coelho@intel.com>
Cc: <intel-gfx@lists.freedesktop.org>, <ville.syrjala@intel.com>
Subject: Re: [PATCH 1/2] drm/i915/bios: double check array-boundary in parse_sdvo_lvds_data
Date: Tue, 28 May 2024 13:01:45 -0400
Message-ID: <ZlYN-VQ4xtC3Z1Vs@intel.com>
In-Reply-To: <20240528112901.476068-2-luciano.coelho@intel.com>

On Tue, May 28, 2024 at 02:29:00PM +0300, Luca Coelho wrote:
> During static analysis, a concern was raised that we may access the
> dtd->dtd[] array out of bounds, because we are not checking whether
> the index we use is larger than the array.
> 
> This should not be a problem as is, because the enumeration that is
> used for this index comes from "panel_type", which uses an enumeration
> with 4 items.  But if this enumeration is ever changed, it can lead to
> hard-to-detect bugs, so better double-check it before using it as an
> index to the array.

I feel that we might have other cases there that could deserve a
protection like this.

Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

> 
> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
> ---
>  drivers/gpu/drm/i915/display/intel_bios.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c
> index b0a49b2f957f..128fe9250f40 100644
> --- a/drivers/gpu/drm/i915/display/intel_bios.c
> +++ b/drivers/gpu/drm/i915/display/intel_bios.c
> @@ -1120,6 +1120,18 @@ parse_sdvo_lvds_data(struct drm_i915_private *i915,
>  	if (!dtd)
>  		return;
>  
> +	/*
> +	 * This should not happen, as long as the panel_type
> +	 * enumeration doesn't grow over 4 items.  But if it does, it
> +	 * could lead to hard-to-detect bugs, so better double-check
> +	 * it here to be sure.
> +	 */
> +	if (index >= ARRAY_SIZE(dtd->dtd)) {
> +		drm_err(&i915->drm, "index %d is larger than dtd->dtd[4] array\n",
> +			index);
> +		return;
> +	}
> +
>  	panel_fixed_mode = kzalloc(sizeof(*panel_fixed_mode), GFP_KERNEL);
>  	if (!panel_fixed_mode)
>  		return;
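Review bot: the drm_err() string hardcodes the bound as "dtd->dtd[4]" while the test itself uses ARRAY_SIZE(dtd->dtd), so the message would report the wrong size if the array dimension ever changes. Printing the real bound keeps the two in sync, for example "index %d out of range (array size %zu)" with ARRAY_SIZE(dtd->dtd) as the extra argument. The wording "larger than" also does not match the >= comparison, since an index equal to the array size is rejected as well; "out of range" would be accurate. The same applies to the "4 items" in the new comment, which could refer to the array size instead of a literal.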
> -- 
> 2.39.2
> 
