Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()

From: Guenter Roeck
Date: Thu Oct 06 2022 - 13:24:33 EST

Next message: Oleksandr Tyshchenko: "Re: [PATCH 2/3] xen/virtio: use dom0 as default backend for CONFIG_XEN_VIRTIO_FORCE_GRANT"
Previous message: Demi Marie Obenour: "Re: [PATCH v4 1/2] Avoid using EFI tables Xen may have clobbered"
In reply to: Guenter Roeck: "Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 05, 2022 at 11:46:15PM -0700, Guenter Roeck wrote:
> On Tue, Sep 27, 2022 at 03:12:00PM -0400, Hamza Mahfooz wrote:
> > Address the following error:
> > drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
> > drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:55: error: array subscript [0, 0] is outside array bounds of ‘struct dc_writeback_info[1]’ [-Werror=array-bounds]
> > 527 | stream->writeback_info[j] = stream->writeback_info[i];
> > | ~~~~~~~~~~~~~~~~~~~~~~^~~
> > In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
> > from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
> > from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
> > from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
> > ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
> > 241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
> > |
> >
> > Currently, we aren't checking to see if j remains within
> > writeback_info[]'s bounds. So, add a check to make sure that we aren't
> > overflowing the buffer.
> >
> > Signed-off-by: Hamza Mahfooz <hamza.mahfooz@xxxxxxx>
>
> With gcc 11.3, this patch doesn't fix a problem, it introduces one.
>
> Building csky:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript 1 is above array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
> 527 | stream->writeback_info[j] = stream->writeback_info[i];
>
> Building mips:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
> 527 | stream->writeback_info[j] = stream->writeback_info[i];
>
> Building arm:allmodconfig ... failed
> --------------
> Error log:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
> 527 | stream->writeback_info[j] = stream->writeback_info[i];
>

#regzbot introduced: 5d8c3e836fc2

Complete list of build failures in my test system due to this patch,
observed when building with gcc 11.3:

Build results:
total: 149 pass: 131 fail: 18
Failed builds:
alpha:allmodconfig
arm:allmodconfig
arm64:allmodconfig
csky:allmodconfig
i386:allyesconfig
i386:allmodconfig
mips:allmodconfig
openrisc:allmodconfig
parisc:allmodconfig
powerpc:allmodconfig
powerpc:ppc32_allmodconfig
riscv32:allmodconfig
riscv:allmodconfig
s390:allmodconfig
sparc64:allmodconfig
x86_64:allyesconfig
x86_64:allmodconfig
xtensa:allmodconfig

Guenter

Next message: Oleksandr Tyshchenko: "Re: [PATCH 2/3] xen/virtio: use dom0 as default backend for CONFIG_XEN_VIRTIO_FORCE_GRANT"
Previous message: Demi Marie Obenour: "Re: [PATCH v4 1/2] Avoid using EFI tables Xen may have clobbered"
In reply to: Guenter Roeck: "Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]