Igt-dev Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [igt-dev] [PATCH i-g-t] tools/intel_vbt_decode: fix division by zero child device size
@ 2023-02-28 10:18 Jani Nikula
  2023-02-28 10:36 ` [igt-dev] ✓ Fi.CI.BAT: success for " Patchwork
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jani Nikula @ 2023-02-28 10:18 UTC (permalink / raw)
  To: igt-dev; +Cc: Jani Nikula

Real world VBTs keep fuzzing our decoder, this time with a legacy child
devices block #11 that has child_dev_size 0, leading to division by
zero. Check for it, and bail out early, both for legacy and current
child device blocks.

Signed-off-by: Jani Nikula <jani.nikula@intel.com>
---
 tools/intel_vbt_decode.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tools/intel_vbt_decode.c b/tools/intel_vbt_decode.c
index 8f707c1f822a..3294f74c2e7c 100644
--- a/tools/intel_vbt_decode.c
+++ b/tools/intel_vbt_decode.c
@@ -1118,8 +1118,6 @@ static void dump_general_definitions(struct context *context,
 	const struct bdb_general_definitions *defs = block_data(block);
 	int child_dev_num;
 
-	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
-
 	printf("\tCRT DDC GMBUS addr: 0x%02x\n", defs->crt_ddc_gmbus_pin);
 	printf("\tUse DPMS on AIM devices: %s\n", YESNO(defs->dpms_aim));
 	printf("\tSkip CRT detect at boot: %s\n",
@@ -1129,6 +1127,11 @@ static void dump_general_definitions(struct context *context,
 	printf("\tBoot display type: 0x%02x%02x\n", defs->boot_display[1],
 	       defs->boot_display[0]);
 	printf("\tChild device size: %d\n", defs->child_dev_size);
+
+	if (!defs->child_dev_size)
+		return;
+
+	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
 	printf("\tChild device count: %d\n", child_dev_num);
 
 	dump_child_devices(context, defs->devices,
@@ -1141,9 +1144,12 @@ static void dump_legacy_child_devices(struct context *context,
 	const struct bdb_legacy_child_devices *defs = block_data(block);
 	int child_dev_num;
 
-	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
-
 	printf("\tChild device size: %d\n", defs->child_dev_size);
+
+	if (!defs->child_dev_size)
+		return;
+
+	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
 	printf("\tChild device count: %d\n", child_dev_num);
 
 	dump_child_devices(context, defs->devices,
-- 
2.39.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-03-01  9:30 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-28 10:18 [igt-dev] [PATCH i-g-t] tools/intel_vbt_decode: fix division by zero child device size Jani Nikula
2023-02-28 10:36 ` [igt-dev] ✓ Fi.CI.BAT: success for " Patchwork
2023-02-28 11:27 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
2023-02-28 20:12 ` [igt-dev] [PATCH i-g-t] " Kamil Konieczny
2023-03-01  9:30   ` Jani Nikula

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox