From: Hans de Goede <hdegoede@redhat.com>
To: Maxime Ripard <mripard@kernel.org>,
Sean Paul <seanpaul@chromium.org>,
Daniel Vetter <daniel.vetter@intel.com>,
David Airlie <airlied@linux.ie>
Cc: "Hans de Goede" <hdegoede@redhat.com>,
"Derek Basehore" <dbasehore@chromium.org>,
"Mathieu Alexandre-Tétreault" <alexandretm@amotus.ca>,
dri-devel@lists.freedesktop.org
Subject: [PATCH v2 01/13] drm/modes: parse_cmdline: Fix possible reference past end of string
Date: Wed, 13 Nov 2019 17:44:22 +0100 [thread overview]
Message-ID: <20191113164434.254159-1-hdegoede@redhat.com> (raw)
Before this commit, if the last option of a video=... option is for
example "rotate" without a "=<value>" after it then delim will point to
the terminating 0 of the string, and value which is sets to <delim + 1>
will point one position past the end of the string.
This commit fixes this by enforcing that the contents of delim equals '='
as it should be for options which take a value, this check is done in a
new drm_mode_parse_cmdline_int helper function which factors out the
common integer parsing code for all the options which take an int.
Acked-by: Maxime Ripard <mripard@kernel.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
drivers/gpu/drm/drm_modes.c | 68 ++++++++++++++++---------------------
1 file changed, 30 insertions(+), 38 deletions(-)
diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index 88232698d7a0..3c3c7435225f 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -1568,11 +1568,34 @@ static int drm_mode_parse_cmdline_res_mode(const char *str, unsigned int length,
return 0;
}
+static int drm_mode_parse_cmdline_int(const char *delim, unsigned int *int_ret)
+{
+ const char *value;
+ char *endp;
+
+ /*
+ * delim must point to the '=', otherwise it is a syntax error and
+ * if delim points to the terminating zero, then delim + 1 wil point
+ * past the end of the string.
+ */
+ if (*delim != '=')
+ return -EINVAL;
+
+ value = delim + 1;
+ *int_ret = simple_strtol(value, &endp, 10);
+
+ /* Make sure we have parsed something */
+ if (endp == value)
+ return -EINVAL;
+
+ return 0;
+}
+
static int drm_mode_parse_cmdline_options(char *str, size_t len,
const struct drm_connector *connector,
struct drm_cmdline_mode *mode)
{
- unsigned int rotation = 0;
+ unsigned int deg, margin, rotation = 0;
char *sep = str;
while ((sep = strchr(sep, ','))) {
@@ -1588,13 +1611,7 @@ static int drm_mode_parse_cmdline_options(char *str, size_t len,
}
if (!strncmp(option, "rotate", delim - option)) {
- const char *value = delim + 1;
- unsigned int deg;
-
- deg = simple_strtol(value, &sep, 10);
-
- /* Make sure we have parsed something */
- if (sep == value)
+ if (drm_mode_parse_cmdline_int(delim, °))
return -EINVAL;
switch (deg) {
@@ -1619,57 +1636,32 @@ static int drm_mode_parse_cmdline_options(char *str, size_t len,
}
} else if (!strncmp(option, "reflect_x", delim - option)) {
rotation |= DRM_MODE_REFLECT_X;
- sep = delim;
} else if (!strncmp(option, "reflect_y", delim - option)) {
rotation |= DRM_MODE_REFLECT_Y;
- sep = delim;
} else if (!strncmp(option, "margin_right", delim - option)) {
- const char *value = delim + 1;
- unsigned int margin;
-
- margin = simple_strtol(value, &sep, 10);
-
- /* Make sure we have parsed something */
- if (sep == value)
+ if (drm_mode_parse_cmdline_int(delim, &margin))
return -EINVAL;
mode->tv_margins.right = margin;
} else if (!strncmp(option, "margin_left", delim - option)) {
- const char *value = delim + 1;
- unsigned int margin;
-
- margin = simple_strtol(value, &sep, 10);
-
- /* Make sure we have parsed something */
- if (sep == value)
+ if (drm_mode_parse_cmdline_int(delim, &margin))
return -EINVAL;
mode->tv_margins.left = margin;
} else if (!strncmp(option, "margin_top", delim - option)) {
- const char *value = delim + 1;
- unsigned int margin;
-
- margin = simple_strtol(value, &sep, 10);
-
- /* Make sure we have parsed something */
- if (sep == value)
+ if (drm_mode_parse_cmdline_int(delim, &margin))
return -EINVAL;
mode->tv_margins.top = margin;
} else if (!strncmp(option, "margin_bottom", delim - option)) {
- const char *value = delim + 1;
- unsigned int margin;
-
- margin = simple_strtol(value, &sep, 10);
-
- /* Make sure we have parsed something */
- if (sep == value)
+ if (drm_mode_parse_cmdline_int(delim, &margin))
return -EINVAL;
mode->tv_margins.bottom = margin;
} else {
return -EINVAL;
}
+ sep = delim;
}
mode->rotation_reflection = rotation;
--
2.23.0
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next reply other threads:[~2019-11-13 16:44 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 16:44 Hans de Goede [this message]
2019-11-13 16:44 ` [PATCH v2 02/13] drm/modes: parse_cmdline: Make various char pointers const Hans de Goede
2019-11-13 16:44 ` [PATCH v2 03/13] drm/modes: parse_cmdline: Stop parsing extras after bpp / refresh at ', ' Hans de Goede
2019-11-13 16:44 ` [PATCH v2 04/13] drm/modes: parse_cmdline: Accept extras directly after mode combined with options Hans de Goede
2019-11-13 16:44 ` [PATCH v2 05/13] drm/modes: parse_cmdline: Rework drm_mode_parse_cmdline_options() Hans de Goede
2019-11-13 16:44 ` [PATCH v2 06/13] drm/modes: parse_cmdline: Add freestanding argument to drm_mode_parse_cmdline_options() Hans de Goede
2019-11-13 16:44 ` [PATCH v2 07/13] drm/modes: parse_cmdline: Set bpp/refresh_specified after successful parsing Hans de Goede
2019-11-13 16:44 ` [PATCH v2 08/13] drm/modes: parse_cmdline: Allow specifying stand-alone options Hans de Goede
2019-11-13 16:44 ` [PATCH v2 09/13] drm/modes: parse_cmdline: Add support for specifying panel_orientation (v2) Hans de Goede
2019-11-18 12:25 ` Maxime Ripard
2019-11-13 16:44 ` [PATCH v2 10/13] drm/modes: parse_cmdline: Remove some unnecessary code (v2) Hans de Goede
2019-11-18 12:25 ` Maxime Ripard
2019-11-13 16:44 ` [PATCH v2 11/13] drm/modes: parse_cmdline: Explicitly memset the passed in drm_cmdline_mode struct Hans de Goede
2019-11-18 8:28 ` [drm/modes] 1ea4d22f11: BUG:kernel_NULL_pointer_dereference,address kernel test robot
2019-11-18 8:28 ` [drm/modes] 1ea4d22f11: BUG:kernel_NULL_pointer_dereference, address kernel test robot
2019-11-18 8:28 ` [drm/modes] 1ea4d22f11: BUG:kernel_NULL_pointer_dereference,address kernel test robot
2019-11-18 12:28 ` [PATCH v2 11/13] drm/modes: parse_cmdline: Explicitly memset the passed in drm_cmdline_mode struct Maxime Ripard
2019-11-18 12:33 ` Hans de Goede
2019-11-18 12:58 ` Maxime Ripard
2019-11-18 14:26 ` Hans de Goede
2019-11-13 16:44 ` [PATCH v2 12/13] drm/connector: Split out orientation quirk detection (v2) Hans de Goede
2019-11-13 16:44 ` [PATCH v2 13/13] drm/connector: Hookup the new drm_cmdline_mode panel_orientation member Hans de Goede
2019-11-18 12:25 ` Maxime Ripard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191113164434.254159-1-hdegoede@redhat.com \
--to=hdegoede@redhat.com \
--cc=airlied@linux.ie \
--cc=alexandretm@amotus.ca \
--cc=daniel.vetter@intel.com \
--cc=dbasehore@chromium.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=mripard@kernel.org \
--cc=seanpaul@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.