From: Colin Ian King <colin.king@xxxxxxxxxxxxx> Currently, if adev->pp_enabled is false then the pp_stats_info data is not read and hence a garbage number of states from the stack is used to dump out the number of states. Given data.nums could be any random value, this could easily lead to read outside the data.states array. Fix this by setting data.nums to zero if adev->pp_enabled is false. Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx> --- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c index accc908..808d788 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c @@ -195,6 +195,8 @@ static ssize_t amdgpu_get_pp_num_states(struct device *dev, if (adev->pp_enabled) amdgpu_dpm_get_pp_num_states(adev, &data); + else + data.nums = 0; buf_len = snprintf(buf, PAGE_SIZE, "states: %d\n", data.nums); for (i = 0; i < data.nums; i++) -- 2.9.3 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
