|
Takashi Iwai |
afb11c |
From 5bacecc3c56131c31f18b23d366f2184328fd9cf Mon Sep 17 00:00:00 2001
|
|
Takashi Iwai |
afb11c |
From: Jani Nikula <jani.nikula@intel.com>
|
|
Takashi Iwai |
afb11c |
Date: Thu, 16 Feb 2023 22:44:58 +0200
|
|
Takashi Iwai |
afb11c |
Subject: [PATCH] drm/displayid: add displayid_get_header() and check bounds better
|
|
Takashi Iwai |
afb11c |
Git-commit: 5bacecc3c56131c31f18b23d366f2184328fd9cf
|
|
Takashi Iwai |
afb11c |
Patch-mainline: v6.4-rc1
|
|
Takashi Iwai |
afb11c |
References: git-fixes
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
Add a helper to get a pointer to struct displayid_header. To be
|
|
Takashi Iwai |
afb11c |
pedantic, add buffer overflow checks to not touch the base if that
|
|
Takashi Iwai |
afb11c |
itself would overflow.
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
Cc: Iaroslav Boliukin <iam@lach.pw>
|
|
Takashi Iwai |
afb11c |
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
|
|
Takashi Iwai |
afb11c |
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
Takashi Iwai |
afb11c |
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
|
|
Takashi Iwai |
afb11c |
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
|
|
Takashi Iwai |
afb11c |
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
|
|
Takashi Iwai |
afb11c |
Link: https://patchwork.freedesktop.org/patch/msgid/4a03b3a5132642d3cdb6d4c2641422955a917292.1676580180.git.jani.nikula@intel.com
|
|
Takashi Iwai |
afb11c |
Acked-by: Takashi Iwai <tiwai@suse.de>
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
---
|
|
Takashi Iwai |
afb11c |
drivers/gpu/drm/drm_displayid.c | 17 ++++++++++++++++-
|
|
Takashi Iwai |
afb11c |
1 file changed, 16 insertions(+), 1 deletion(-)
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c
|
|
Takashi Iwai |
afb11c |
index 38ea8203df45..7d03159dc146 100644
|
|
Takashi Iwai |
afb11c |
--- a/drivers/gpu/drm/drm_displayid.c
|
|
Takashi Iwai |
afb11c |
+++ b/drivers/gpu/drm/drm_displayid.c
|
|
Takashi Iwai |
afb11c |
@@ -7,13 +7,28 @@
|
|
Takashi Iwai |
afb11c |
#include <drm/drm_edid.h>
|
|
Takashi Iwai |
afb11c |
#include <drm/drm_print.h>
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
+static const struct displayid_header *
|
|
Takashi Iwai |
afb11c |
+displayid_get_header(const u8 *displayid, int length, int index)
|
|
Takashi Iwai |
afb11c |
+{
|
|
Takashi Iwai |
afb11c |
+ const struct displayid_header *base;
|
|
Takashi Iwai |
afb11c |
+
|
|
Takashi Iwai |
afb11c |
+ if (sizeof(*base) > length - index)
|
|
Takashi Iwai |
afb11c |
+ return ERR_PTR(-EINVAL);
|
|
Takashi Iwai |
afb11c |
+
|
|
Takashi Iwai |
afb11c |
+ base = (const struct displayid_header *)&displayid[index];
|
|
Takashi Iwai |
afb11c |
+
|
|
Takashi Iwai |
afb11c |
+ return base;
|
|
Takashi Iwai |
afb11c |
+}
|
|
Takashi Iwai |
afb11c |
+
|
|
Takashi Iwai |
afb11c |
static int validate_displayid(const u8 *displayid, int length, int idx)
|
|
Takashi Iwai |
afb11c |
{
|
|
Takashi Iwai |
afb11c |
int i, dispid_length;
|
|
Takashi Iwai |
afb11c |
u8 csum = 0;
|
|
Takashi Iwai |
afb11c |
const struct displayid_header *base;
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
- base = (const struct displayid_header *)&displayid[idx];
|
|
Takashi Iwai |
afb11c |
+ base = displayid_get_header(displayid, length, idx);
|
|
Takashi Iwai |
afb11c |
+ if (IS_ERR(base))
|
|
Takashi Iwai |
afb11c |
+ return PTR_ERR(base);
|
|
Takashi Iwai |
afb11c |
|
|
Takashi Iwai |
afb11c |
DRM_DEBUG_KMS("base revision 0x%x, length %d, %d %d\n",
|
|
Takashi Iwai |
afb11c |
base->rev, base->bytes, base->prod_id, base->ext_count);
|
|
Takashi Iwai |
afb11c |
--
|
|
Takashi Iwai |
afb11c |
2.35.3
|
|
Takashi Iwai |
afb11c |
|