From: Alex Deucher
Date: Thu, 22 Oct 2020 01:02:38 -0400
Subject: Re: [PATCH] drm/amd/display: fix a possible NULL pointer dereference in bios_parser_get_src_obj()
To: estherbdf <603571786@qq.com>
Cc: Daniel Vetter, Maling list - DRI developers, amd-gfx list, LKML

On Mon, Oct 19, 2020 at 8:38 AM estherbdf <603571786@qq.com> wrote:
>
> [Why] the func bios_parser_get_src_obj () is similar to bios_parser_get_dst_obj () which is fixed by the commit("drm/amd/display: Banch of smatch error and warning fixes in DC").
> the symbol 'id' is uninitialized and it is not checked before dereference it,may lead to null pointer dereference.
> [How] Initialized variable explicitly with NULL and add sanitizer.

I think the current code is safe as is. get_src_obj_list() will return 0 if *id_list is NULL and bios_parser_get_src_obj() checks if number <= index.

Alex

>
> Signed-off-by: estherbdf <603571786@qq.com>
> --- > drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c > index 008d4d1..94c6cca 100644 > --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c > +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c > @@ -190,7 +190,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb, > struct graphics_object_id *src_object_id) > { > uint32_t number; > - uint16_t *id; > + uint16_t *id = NULL; > ATOM_OBJECT *object; > struct bios_parser *bp = BP_FROM_DCB(dcb); 
> > @@ -206,7 +206,7 @@ static enum bp_result bios_parser_get_src_obj(struct dc_bios *dcb, > > number = get_src_obj_list(bp, object, &id); > > - if (number <= index) > + if (number <= index || !id) > return BP_RESULT_BADINPUT; > > *src_object_id = object_id_from_bios_object_id(id[index]); > -- > 1.9.1
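Review bot: In the declaration hunk (@@ -190,7), the commit message justifies `uint16_t *id = NULL;` as preventing a NULL pointer dereference, but the defect it describes ('id' is uninitialized) is use of an indeterminate pointer, not a NULL one; the initializer is what turns an unwritten `id` into something the later `!id` test can detect. The commit message should name the return path of get_src_obj_list() that leaves the output pointer unwritten while returning a count greater than `index`. If no such path exists, the initializer is defensive only and should be described that way.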
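Review bot: In the check hunk (@@ -206,7), the added `!id` in `if (number <= index || !id)` is only reached when get_src_obj_list() returns a count above `index` together with a NULL list. The reply in this thread states that the function returns 0 when `*id_list` is NULL, in which case `number <= index` already rejects the call and the new test never fires. If the intent is hardening against a later change to get_src_obj_list(), say so in the commit message, and consider whether BP_RESULT_BADINPUT is the right result for what would be an inconsistent parser state rather than bad caller input.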