re: drm: update VIA driver to 2.7.2

re: drm: update VIA driver to 2.7.2

[Dan Carpenter]

Hello Dave Airlie,

The patch 925142431bd6: "drm: update VIA driver to 2.7.2" from Nov
12, 2005, leads to the following static checker warning:

	drivers/gpu/drm/via/via_irq.c:242 via_driver_irq_wait()
	error: buffer overflow 'masks' 4 <= 5

drivers/gpu/drm/via/via_irq.c
   225          if (irq >= drm_via_irq_num) {

This used to test for "irq >= dev_priv->num_irqs" but we raise it to
drm_via_irq_num.

   226                  DRM_ERROR("Trying to wait on unknown irq %d\n", irq);
   227                  return -EINVAL;
   228          }
   229  
   230          real_irq = dev_priv->irq_map[irq];
   231  
   232          if (real_irq < 0) {
   233                  DRM_ERROR("Video IRQ %d not available on this hardware.\n",
   234                            irq);
   235                  return -EINVAL;
   236          }
   237  
   238          masks = dev_priv->irq_masks;

There are dev_priv->num_irqs elements in the dev_priv->irq_masks[]
array.

   239          cur_irq = dev_priv->via_irqs + real_irq;
   240  
   241          if (masks[real_irq][2] && !force_sequence) {
   242                  DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ,
   243                              ((VIA_READ(masks[irq][2]) & masks[irq][3]) ==
                                               ^^^^^^^^^^
Smatch is complaining because "irq" is out of bounds now that we raised
the limit on line 225.  Should we be using "masks[real_irq][2]" here?

   244                               masks[irq][4]));
   245                  cur_irq_sequence = atomic_read(&cur_irq->irq_received);
   246          } else {
   247                  DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ,
   248                              (((cur_irq_sequence =
   249                                 atomic_read(&cur_irq->irq_received)) -
   250                                *sequence) <= (1 << 23)));
   251          }

regards,
dan carpenter