| Message ID | 20240528112901.476068-2-luciano.coelho@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/i915: prevent some static analyzer warnings | expand |
On Tue, May 28, 2024 at 02:29:00PM +0300, Luca Coelho wrote: > During static analysis, a concern was raised that we may access the > dtd->dtd[] array out of bounds, because we are not checking whether > the index we use is larger than the array. > > This should not be a problem as is, because the enumeration that is > used for this index comes from "panel_type", which uses an enumeration > with 4 items. But if this enumeration is ever changed, it can lead to > hard-to-detect bugs, so better double-check it before using it as an > index to the array. I feel that we might have other cases there that could deserve a protection like this. Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com> > > Signed-off-by: Luca Coelho <luciano.coelho@intel.com> > --- > drivers/gpu/drm/i915/display/intel_bios.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c > index b0a49b2f957f..128fe9250f40 100644 > --- a/drivers/gpu/drm/i915/display/intel_bios.c > +++ b/drivers/gpu/drm/i915/display/intel_bios.c > @@ -1120,6 +1120,18 @@ parse_sdvo_lvds_data(struct drm_i915_private *i915, > if (!dtd) > return; > > + /* > + * This should not happen, as long as the panel_type > + * enumeration doesn't grow over 4 items. But if it does, it > + * could lead to hard-to-detect bugs, so better double-check > + * it here to be sure. > + */ > + if (index >= ARRAY_SIZE(dtd->dtd)) { > + drm_err(&i915->drm, "index %d is larger than dtd->dtd[4] array\n", > + index); > + return; > + } > + > panel_fixed_mode = kzalloc(sizeof(*panel_fixed_mode), GFP_KERNEL); > if (!panel_fixed_mode) > return; > -- > 2.39.2 >
diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index b0a49b2f957f..128fe9250f40 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1120,6 +1120,18 @@ parse_sdvo_lvds_data(struct drm_i915_private *i915, if (!dtd) return; + /* + * This should not happen, as long as the panel_type + * enumeration doesn't grow over 4 items. But if it does, it + * could lead to hard-to-detect bugs, so better double-check + * it here to be sure. + */ + if (index >= ARRAY_SIZE(dtd->dtd)) { + drm_err(&i915->drm, "index %d is larger than dtd->dtd[4] array\n", + index); + return; + } + panel_fixed_mode = kzalloc(sizeof(*panel_fixed_mode), GFP_KERNEL); if (!panel_fixed_mode) return;
During static analysis, a concern was raised that we may access the dtd->dtd[] array out of bounds, because we are not checking whether the index we use is larger than the array. This should not be a problem as is, because the enumeration that is used for this index comes from "panel_type", which uses an enumeration with 4 items. But if this enumeration is ever changed, it can lead to hard-to-detect bugs, so better double-check it before using it as an index to the array. Signed-off-by: Luca Coelho <luciano.coelho@intel.com> --- drivers/gpu/drm/i915/display/intel_bios.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)