kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   a99b602ac2b8c237ced40a4769f19ed10f16288a
  2.   patches.suse
  3.   drm-bridge-sii8620-Fix-memory-corruption
Blob Blame History Raw 
From 79964dbaf662229253b281c42e82e2675a9d3b80 Mon Sep 17 00:00:00 2001
From: Maciej Purski <m.purski@samsung.com>
Date: Mon, 21 Aug 2017 12:32:51 +0200
Subject: [PATCH] drm/bridge/sii8620: Fix memory corruption
Git-commit: 79964dbaf662229253b281c42e82e2675a9d3b80
Patch-mainline: v4.13
References: bsc#1051510

Function sii8620_mt_read_devcap_reg_recv() used to read array index
from a wrong msg register, which caused writing out of array
bounds. It led to writing on other fields of struct sii8620.

Signed-off-by: Maciej Purski <m.purski@samsung.com>
Fixes: e9c6da270 ("drm/bridge/sii8620: add reading device capability       registers")
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1503311571-25819-1-git-send-email-m.purski@samsung.com
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/gpu/drm/bridge/sil-sii8620.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/bridge/sil-sii8620.c
+++ b/drivers/gpu/drm/bridge/sil-sii8620.c
@@ -597,9 +597,9 @@ static void sii8620_mt_read_devcap(struc
 static void sii8620_mt_read_devcap_reg_recv(struct sii8620 *ctx,
 		struct sii8620_mt_msg *msg)
 {
-	u8 reg = msg->reg[0] & 0x7f;
+	u8 reg = msg->reg[1] & 0x7f;
 
-	if (msg->reg[0] & 0x80)
+	if (msg->reg[1] & 0x80)
 		ctx->xdevcap[reg] = msg->ret;
 	else
 		ctx->devcap[reg] = msg->ret;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.