Re: [PATCH] drivers: gpu: drm: radeon: possible buffer overflow
From: Alex Deucher
Date: Fri Aug 18 2023 - 12:18:11 EST
Applied. Thanks!
On Thu, Aug 17, 2023 at 7:34 AM Konstantin Meskhidze
<konstantin.meskhidze@xxxxxxxxxx> wrote:
>
> Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is
> checked after access.
>
> Fixes: 5cc4e5fc293b ("drm/radeon: Cleanup HDMI audio interrupt handling for evergreen")
> Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
> ---
> drivers/gpu/drm/radeon/evergreen.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
> index 4f06356d9..f0ae087be 100644
> --- a/drivers/gpu/drm/radeon/evergreen.c
> +++ b/drivers/gpu/drm/radeon/evergreen.c
> @@ -4821,14 +4821,15 @@ int evergreen_irq_process(struct radeon_device *rdev)
> break;
> case 44: /* hdmi */
> afmt_idx = src_data;
> - if (!(afmt_status[afmt_idx] & AFMT_AZ_FORMAT_WTRIG))
> - DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
> -
> if (afmt_idx > 5) {
> DRM_ERROR("Unhandled interrupt: %d %d\n",
> src_id, src_data);
> break;
> }
> +
> + if (!(afmt_status[afmt_idx] & AFMT_AZ_FORMAT_WTRIG))
> + DRM_DEBUG("IH: IH event w/o asserted irq bit?\n");
> +
> afmt_status[afmt_idx] &= ~AFMT_AZ_FORMAT_WTRIG;
> queue_hdmi = true;
> DRM_DEBUG("IH: HDMI%d\n", afmt_idx + 1);
> --
> 2.34.1
>