[PATCH AUTOSEL 4.18 12/45] drm/amd/display: fix bug of accessing invalid memory

From: Sasha Levin
Date: Sun Nov 04 2018 - 09:03:56 EST


From: Su Sung Chung <Su.Chung@xxxxxxx>

[ Upstream commit 43c3ff27a47d83d153c4adc088243ba594582bf5 ]

[Why]
A loop inside of build_evenly_distributed_points function that traverse through
the array of points become an infinite loop when m_GammaUpdates does not
get assigned to any value.

[How]
In DMColor, clear m_gammaIsValid bit just before writting all Zeromem for
m_GammaUpdates, to prevent calling build_evenly_distributed_points
before m_GammaUpdates gets assigned to some value.

Signed-off-by: Su Sung Chung <Su.Chung@xxxxxxx>
Reviewed-by: Aric Cyr <Aric.Cyr@xxxxxxx>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@xxxxxxx>
Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/gpu/drm/amd/display/modules/color/color_gamma.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
index eee0dfad6962..7d9fea6877bc 100644
--- a/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
+++ b/drivers/gpu/drm/amd/display/modules/color/color_gamma.c
@@ -968,10 +968,14 @@ static void build_evenly_distributed_points(
struct dividers dividers)
{
struct gamma_pixel *p = points;
- struct gamma_pixel *p_last = p + numberof_points - 1;
+ struct gamma_pixel *p_last;

uint32_t i = 0;

+ // This function should not gets called with 0 as a parameter
+ ASSERT(numberof_points > 0);
+ p_last = p + numberof_points - 1;
+
do {
struct fixed31_32 value = dc_fixpt_from_fraction(i,
numberof_points - 1);
@@ -982,7 +986,7 @@ static void build_evenly_distributed_points(

++p;
++i;
- } while (i != numberof_points);
+ } while (i < numberof_points);

p->r = dc_fixpt_div(p_last->r, dividers.divider1);
p->g = dc_fixpt_div(p_last->g, dividers.divider1);
--
2.17.1