[PATCH AUTOSEL 4.9 1/2] drm/imx: imx-ldb: fix out of bounds array access warning

From: Sasha Levin
Date: Mon Apr 05 2021 - 12:07:42 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 5.4 08/13] block: only update parent bi_status when bio fail"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.9 2/2] gfs2: report "already frozen/thawed" errors"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.9 2/2] gfs2: report "already frozen/thawed" errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Arnd Bergmann <arnd@xxxxxxxx>

[ Upstream commit 33ce7f2f95cabb5834cf0906308a5cb6103976da ]

When CONFIG_OF is disabled, building with 'make W=1' produces warnings
about out of bounds array access:

drivers/gpu/drm/imx/imx-ldb.c: In function 'imx_ldb_set_clock.constprop':
drivers/gpu/drm/imx/imx-ldb.c:186:8: error: array subscript -22 is below array bounds of 'struct clk *[4]' [-Werror=array-bounds]

Add an error check before the index is used, which helps with the
warning, as well as any possible other error condition that may be
triggered at runtime.

The warning could be fixed by adding a Kconfig depedency on CONFIG_OF,
but Liu Ying points out that the driver may hit the out-of-bounds
problem at runtime anyway.

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
Reviewed-by: Liu Ying <victor.liu@xxxxxxx>
Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/gpu/drm/imx/imx-ldb.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/drivers/gpu/drm/imx/imx-ldb.c b/drivers/gpu/drm/imx/imx-ldb.c
index 2df407b2b0da..3a9d06de81b4 100644
--- a/drivers/gpu/drm/imx/imx-ldb.c
+++ b/drivers/gpu/drm/imx/imx-ldb.c
@@ -212,6 +212,11 @@ static void imx_ldb_encoder_enable(struct drm_encoder *encoder)
int dual = ldb->ldb_ctrl & LDB_SPLIT_MODE_EN;
int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder);

+ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) {
+ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux);
+ return;
+ }
+
drm_panel_prepare(imx_ldb_ch->panel);

if (dual) {
@@ -270,6 +275,11 @@ imx_ldb_encoder_atomic_mode_set(struct drm_encoder *encoder,
int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder);
u32 bus_format = imx_ldb_ch->bus_format;

+ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) {
+ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux);
+ return;
+ }
+
if (mode->clock > 170000) {
dev_warn(ldb->dev,
"%s: mode exceeds 170 MHz pixel clock\n", __func__);
--
2.30.2

Next message: Sasha Levin: "[PATCH AUTOSEL 5.4 08/13] block: only update parent bi_status when bio fail"
Previous message: Sasha Levin: "[PATCH AUTOSEL 4.9 2/2] gfs2: report "already frozen/thawed" errors"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.9 2/2] gfs2: report "already frozen/thawed" errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]