Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()

From: Thorsten Leemhuis
Date: Tue Oct 11 2022 - 05:50:02 EST

Next message: Sergey Senozhatsky: "Re: Do not delay boot when printing log to serial console during startup?"
Previous message: Fuad Tabba: "Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[removed a lot of people from the list of recipients, as this is mainly
for Guenter]

Hi Guenter!

On 06.10.22 19:23, Guenter Roeck wrote:
> On Wed, Oct 05, 2022 at 11:46:15PM -0700, Guenter Roeck wrote:
>> On Tue, Sep 27, 2022 at 03:12:00PM -0400, Hamza Mahfooz wrote:
>>> Address the following error:
>>> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
>>> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:55: error: array subscript [0, 0] is outside array bounds of ‘struct dc_writeback_info[1]’ [-Werror=array-bounds]
>>> 527 | stream->writeback_info[j] = stream->writeback_info[i];
>>> | ~~~~~~~~~~~~~~~~~~~~~~^~~
>>> In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
>>> from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
>>> from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
>>> from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
>>> ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
>>> 241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
>>> |
>>>
>>> Currently, we aren't checking to see if j remains within
>>> writeback_info[]'s bounds. So, add a check to make sure that we aren't
>>> overflowing the buffer.
>>>
>>> Signed-off-by: Hamza Mahfooz <hamza.mahfooz@xxxxxxx>
>>
>> With gcc 11.3, this patch doesn't fix a problem, it introduces one.
>>
>> Building csky:allmodconfig ... failed
>> --------------
>> Error log:
>> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
>> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript 1 is above array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
>> 527 | stream->writeback_info[j] = stream->writeback_info[i];
>
> [...]
>
> #regzbot introduced: 5d8c3e836fc2

Thx for using regzbot, much appreciated. JFYI, the initial report was
your own mail you were replying to here, so a "#regzbot ^introduced:
..." would have been more appropriate. In this case it didn't matter
anyway, as the fix didn't include a "Link:" tag to the initial report
anyway. No worries, I just have to tell regzbot about the fix manually then:

#regzbot fixed-by: faf4d8e07f5b67

Ciao, Thorsten

Next message: Sergey Senozhatsky: "Re: Do not delay boot when printing log to serial console during startup?"
Previous message: Fuad Tabba: "Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]