Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()

From: Guenter Roeck
Date: Thu Oct 06 2022 - 02:46:24 EST

Next message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] random: spread out jitter callback to different CPUs"
Previous message: Quan Nguyen: "Re: [PATCH v10 3/3] i2c: aspeed: Assert NAK when slave is busy"
Next in thread: Guenter Roeck: "Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 27, 2022 at 03:12:00PM -0400, Hamza Mahfooz wrote:
> Address the following error:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:55: error: array subscript [0, 0] is outside array bounds of ‘struct dc_writeback_info[1]’ [-Werror=array-bounds]
> 527 | stream->writeback_info[j] = stream->writeback_info[i];
> | ~~~~~~~~~~~~~~~~~~~~~~^~~
> In file included from ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc.h:1269,
> from ./drivers/gpu/drm/amd/amdgpu/../display/dc/inc/core_types.h:29,
> from ./drivers/gpu/drm/amd/amdgpu/../display/dc/basics/dc_common.h:29,
> from drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:27:
> ./drivers/gpu/drm/amd/amdgpu/../display/dc/dc_stream.h:241:34: note: while referencing ‘writeback_info’
> 241 | struct dc_writeback_info writeback_info[MAX_DWB_PIPES];
> |
>
> Currently, we aren't checking to see if j remains within
> writeback_info[]'s bounds. So, add a check to make sure that we aren't
> overflowing the buffer.
>
> Signed-off-by: Hamza Mahfooz <hamza.mahfooz@xxxxxxx>

With gcc 11.3, this patch doesn't fix a problem, it introduces one.

Building csky:allmodconfig ... failed
--------------
Error log:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript 1 is above array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];

Building mips:allmodconfig ... failed
--------------
Error log:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];

Building arm:allmodconfig ... failed
--------------
Error log:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function 'dc_stream_remove_writeback':
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:527:83: error: array subscript [0, 0] is outside array bounds of 'struct dc_writeback_info[1]' [-Werror=array-bounds]
527 | stream->writeback_info[j] = stream->writeback_info[i];

Guenter

Next message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] random: spread out jitter callback to different CPUs"
Previous message: Quan Nguyen: "Re: [PATCH v10 3/3] i2c: aspeed: Assert NAK when slave is busy"
Next in thread: Guenter Roeck: "Re: [PATCH] drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]