From: Wen Yang <[email protected]>
The following errors occurred when using gcc 7.5.0-3ubuntu1~18.04:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:543:55: warning: array subscript is above array bounds [-Warray-bounds]
stream->writeback_info[j] = stream->writeback_info[i];
~~~~~~~~~~~~~~~~~~~~~~^~~
Add a check to make sure that num_wb_info won't overflowing the writeback_info buffer.
Fixes: 6fbefb84a98e ("drm/amd/display: Add DC core changes for DCN2")
Signed-off-by: Wen Yang <[email protected]>
Cc: Aurabindo Pillai <[email protected]>
Cc: Hamza Mahfooz <[email protected]>
Cc: Guenter Roeck <[email protected]>
Cc: Alex Deucher <[email protected]>
Cc: Harry Wentland <[email protected]>
Cc: Leo Li <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
---
drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
index 20e534f73513..9825c30f2ca0 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
@@ -481,6 +481,7 @@ bool dc_stream_add_writeback(struct dc *dc,
}
if (!isDrc) {
+ ASSERT(stream->num_wb_info + 1 <= MAX_DWB_PIPES);
stream->writeback_info[stream->num_wb_info++] = *wb_info;
}
@@ -526,6 +527,11 @@ bool dc_stream_remove_writeback(struct dc *dc,
return false;
}
+ if (stream->num_wb_info > MAX_DWB_PIPES) {
+ dm_error("DC: num_wb_info is invalid!\n");
+ return false;
+ }
+
// stream->writeback_info[dwb_pipe_inst].wb_enabled = false;
for (i = 0; i < stream->num_wb_info; i++) {
/*dynamic update*/
@@ -540,7 +546,8 @@ bool dc_stream_remove_writeback(struct dc *dc,
if (stream->writeback_info[i].wb_enabled) {
if (j < i)
/* trim the array */
- stream->writeback_info[j] = stream->writeback_info[i];
+ memcpy(&stream->writeback_info[j], &stream->writeback_info[i],
+ sizeof(struct dc_writeback_info));
j++;
}
}
--
2.25.1
On 12/25/22 10:10, [email protected] wrote:
> From: Wen Yang <[email protected]>
>
> The following errors occurred when using gcc 7.5.0-3ubuntu1~18.04:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c: In function ‘dc_stream_remove_writeback’:
> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_stream.c:543:55: warning: array subscript is above array bounds [-Warray-bounds]
> stream->writeback_info[j] = stream->writeback_info[i];
> ~~~~~~~~~~~~~~~~~~~~~~^~~
> Add a check to make sure that num_wb_info won't overflowing the writeback_info buffer.
>
> Fixes: 6fbefb84a98e ("drm/amd/display: Add DC core changes for DCN2")
>
> Signed-off-by: Wen Yang <[email protected]>
> Cc: Aurabindo Pillai <[email protected]>
> Cc: Hamza Mahfooz <[email protected]>
> Cc: Guenter Roeck <[email protected]>
> Cc: Alex Deucher <[email protected]>
> Cc: Harry Wentland <[email protected]>
> Cc: Leo Li <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Cc: [email protected]
Applied, thanks!
> ---
> drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> index 20e534f73513..9825c30f2ca0 100644
> --- a/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> +++ b/drivers/gpu/drm/amd/display/dc/core/dc_stream.c
> @@ -481,6 +481,7 @@ bool dc_stream_add_writeback(struct dc *dc,
> }
>
> if (!isDrc) {
> + ASSERT(stream->num_wb_info + 1 <= MAX_DWB_PIPES);
> stream->writeback_info[stream->num_wb_info++] = *wb_info;
> }
>
> @@ -526,6 +527,11 @@ bool dc_stream_remove_writeback(struct dc *dc,
> return false;
> }
>
> + if (stream->num_wb_info > MAX_DWB_PIPES) {
> + dm_error("DC: num_wb_info is invalid!\n");
> + return false;
> + }
> +
> // stream->writeback_info[dwb_pipe_inst].wb_enabled = false;
> for (i = 0; i < stream->num_wb_info; i++) {
> /*dynamic update*/
> @@ -540,7 +546,8 @@ bool dc_stream_remove_writeback(struct dc *dc,
> if (stream->writeback_info[i].wb_enabled) {
> if (j < i)
> /* trim the array */
> - stream->writeback_info[j] = stream->writeback_info[i];
> + memcpy(&stream->writeback_info[j], &stream->writeback_info[i],
> + sizeof(struct dc_writeback_info));
> j++;
> }
> }
--
Hamza