From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paulo Zanoni Subject: [PATCH 2/5] drm/i915: fix intel_dp_aux_native_read's reply array size Date: Thu, 12 Sep 2013 18:03:52 -0300 Message-ID: <1379019832-1526-1-git-send-email-przanoni@gmail.com> References: <20130912171523.GD12961@nuc-i3427.alporthouse.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail-ye0-f172.google.com (mail-ye0-f172.google.com [209.85.213.172]) by gabe.freedesktop.org (Postfix) with ESMTP id 5ED4EE7B25 for ; Thu, 12 Sep 2013 14:04:05 -0700 (PDT) Received: by mail-ye0-f172.google.com with SMTP id m12so150182yen.17 for ; Thu, 12 Sep 2013 14:04:04 -0700 (PDT) In-Reply-To: <20130912171523.GD12961@nuc-i3427.alporthouse.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: intel-gfx-bounces+gcfxdi-intel-gfx=m.gmane.org@lists.freedesktop.org Errors-To: intel-gfx-bounces+gcfxdi-intel-gfx=m.gmane.org@lists.freedesktop.org To: intel-gfx@lists.freedesktop.org Cc: Paulo Zanoni List-Id: intel-gfx@lists.freedesktop.org From: Paulo Zanoni So far we control all the reads an none of them exceeds the current limit of 20 bytes, but we never think about this when reviewing patches, so we may at some point in the future overflow the buffer. My initial patch just added a WARN in case we were about to overflow the buffer, but Chris suggested to make the size of the array dynamic. Signed-off-by: Paulo Zanoni --- drivers/gpu/drm/i915/intel_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index 20e468c..bf0b260 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -564,7 +564,7 @@ intel_dp_aux_native_read(struct intel_dp *intel_dp, { uint8_t msg[4]; int msg_bytes; - uint8_t reply[20]; + uint8_t reply[recv_bytes + 1]; int reply_bytes; uint8_t ack; int ret; -- 1.8.3.1