Igt-dev Archive on lore.kernel.org
From: Jani Nikula <jani.nikula@intel.com>
To: Kamil Konieczny <kamil.konieczny@linux.intel.com>,
	igt-dev@lists.freedesktop.org
Subject: Re: [igt-dev] [PATCH i-g-t] tools/intel_vbt_decode: fix division by zero child device size
Date: Wed, 01 Mar 2023 11:30:39 +0200
Message-ID: <87mt4wx1hc.fsf@intel.com>
In-Reply-To: <20230228201257.b7k33r4p3x54bsrb@kamilkon-desk1>

On Tue, 28 Feb 2023, Kamil Konieczny <kamil.konieczny@linux.intel.com> wrote:
> On 2023-02-28 at 12:18:07 +0200, Jani Nikula wrote:
>> Real world VBTs keep fuzzing our decoder, this time with a legacy child
>> devices block #11 that has child_dev_size 0, leading to division by
>> zero. Check for it, and bail out early, both for legacy and current
>> child device blocks.
>> 
>> Signed-off-by: Jani Nikula <jani.nikula@intel.com>
>
> lgtm,
> Reviewed-by: Kamil Konieczny <kamil.konieczny@linux.intel.com>

Pushed, thanks for the review.

BR,
Jani.

>
> --
> Kamil
>
>> ---
>>  tools/intel_vbt_decode.c | 14 ++++++++++----
>>  1 file changed, 10 insertions(+), 4 deletions(-)
>> 
>> diff --git a/tools/intel_vbt_decode.c b/tools/intel_vbt_decode.c
>> index 8f707c1f822a..3294f74c2e7c 100644
>> --- a/tools/intel_vbt_decode.c
>> +++ b/tools/intel_vbt_decode.c
>> @@ -1118,8 +1118,6 @@ static void dump_general_definitions(struct context *context,
>>  	const struct bdb_general_definitions *defs = block_data(block);
>>  	int child_dev_num;
>>  
>> -	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> -
>>  	printf("\tCRT DDC GMBUS addr: 0x%02x\n", defs->crt_ddc_gmbus_pin);
>>  	printf("\tUse DPMS on AIM devices: %s\n", YESNO(defs->dpms_aim));
>>  	printf("\tSkip CRT detect at boot: %s\n",
>> @@ -1129,6 +1127,11 @@ static void dump_general_definitions(struct context *context,
>>  	printf("\tBoot display type: 0x%02x%02x\n", defs->boot_display[1],
>>  	       defs->boot_display[0]);
>>  	printf("\tChild device size: %d\n", defs->child_dev_size);
>> +
>> +	if (!defs->child_dev_size)
>> +		return;
>> +
>> +	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>>  	printf("\tChild device count: %d\n", child_dev_num);
>>  
>>  	dump_child_devices(context, defs->devices,
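
Review bot: the new `!defs->child_dev_size` test guards the divisor, but the dividend `block->size - sizeof(*defs)` in this hunk is still unchecked. sizeof yields a size_t, so with a block->size no wider than size_t the subtraction is unsigned and wraps to a very large value when block->size is smaller than sizeof(*defs); that value is then stored in the int child_dev_num and printed as the child device count. Since the commit message says real-world VBTs keep feeding the decoder malformed blocks, consider also bailing out when `block->size < sizeof(*defs)` before computing the count.
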
>> @@ -1141,9 +1144,12 @@ static void dump_legacy_child_devices(struct context *context,
>>  	const struct bdb_legacy_child_devices *defs = block_data(block);
>>  	int child_dev_num;
>>  
>> -	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>> -
>>  	printf("\tChild device size: %d\n", defs->child_dev_size);
>> +
>> +	if (!defs->child_dev_size)
>> +		return;
>> +
>> +	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
>>  	printf("\tChild device count: %d\n", child_dev_num);
>>  
>>  	dump_child_devices(context, defs->devices,
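
Review bot: the early `return` after printing "Child device size: 0" in dump_legacy_child_devices() is silent, so the dump simply stops with no indication that the child devices were skipped because the block is malformed; a short message before the return would make that visible to whoever reads the output. The same added lines also appear in dump_general_definitions(), so a small shared helper that validates child_dev_size and computes the count would keep the two paths from drifting apart.
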
>> -- 
>> 2.39.1
>> 

-- 
Jani Nikula, Intel Open Source Graphics Center


Thread overview: 5+ messages
2023-02-28 10:18 [igt-dev] [PATCH i-g-t] tools/intel_vbt_decode: fix division by zero child device size Jani Nikula
2023-02-28 10:36 ` [igt-dev] ✓ Fi.CI.BAT: success for " Patchwork
2023-02-28 11:27 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
2023-02-28 20:12 ` [igt-dev] [PATCH i-g-t] " Kamil Konieczny
2023-03-01  9:30   ` Jani Nikula [this message]
