Commit 4fc1ba4a authored by Aurabindo Pillai's avatar Aurabindo Pillai Committed by Alex Deucher
Browse files

drm/amd/display: fix array index out of bound error in bios parser 



[Why&How]
Firmware headers dictate that gpio_pin array only has a size of 8. The
count returned from vbios however is greater than 8.

Fix this by not using array indexing but incrementing the pointer since
gpio_pin definition in atomfirmware.h is hardcoded to size 8

Reviewed-by: default avatarMartin Leung <Martin.Leung@amd.com>
Acked-by: default avatarTom Chung <chiahsuan.chung@amd.com>
Signed-off-by: default avatarAurabindo Pillai <aurabindo.pillai@amd.com>
Tested-by: default avatarDaniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
parent 6f881626

drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c

+7 −9
Original line number Diff line number Diff line
@@ -462,6 +462,7 @@ static enum bp_result get_gpio_i2c_info( 
	uint32_t count = 0;

	unsigned int table_index = 0;

	bool find_valid = false;

	struct atom_gpio_pin_assignment *pin;



	if (!info)

		return BP_RESULT_BADINPUT;
@@ -489,20 +490,17 @@ static enum bp_result get_gpio_i2c_info( 
			- sizeof(struct atom_common_table_header))

				/ sizeof(struct atom_gpio_pin_assignment);



	pin = (struct atom_gpio_pin_assignment *) header->gpio_pin;



	for (table_index = 0; table_index < count; table_index++) {

		if (((record->i2c_id & I2C_HW_CAP) == (

		header->gpio_pin[table_index].gpio_id &

						I2C_HW_CAP)) &&

		((record->i2c_id & I2C_HW_ENGINE_ID_MASK)  ==

		(header->gpio_pin[table_index].gpio_id &

					I2C_HW_ENGINE_ID_MASK)) &&

		((record->i2c_id & I2C_HW_LANE_MUX) ==

		(header->gpio_pin[table_index].gpio_id &

						I2C_HW_LANE_MUX))) {

		if (((record->i2c_id & I2C_HW_CAP) 				== (pin->gpio_id & I2C_HW_CAP)) &&

		    ((record->i2c_id & I2C_HW_ENGINE_ID_MASK)	== (pin->gpio_id & I2C_HW_ENGINE_ID_MASK)) &&

		    ((record->i2c_id & I2C_HW_LANE_MUX) 		== (pin->gpio_id & I2C_HW_LANE_MUX))) {

			/* still valid */

			find_valid = true;

			break;

		}

		pin = (struct atom_gpio_pin_assignment *)((uint8_t *)pin + sizeof(struct atom_gpio_pin_assignment));

	}



	/* If we don't find the entry that we are looking for then