If a encoder name isn't specified for drm_encoder_init() it will try
to construct one based on the incoming encoder_type identifier. If the
caller passes an invalid encoder_type value the lookup could walk right
past the end of the table.
Signed-off-by: Jordan Crouse <jcrouse@xxxxxxxxxxxxxx>
---
drivers/gpu/drm/drm_encoder.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_encoder.c b/drivers/gpu/drm/drm_encoder.c
index 273e1c59c54a..4cf6c3bb8503 100644
--- a/drivers/gpu/drm/drm_encoder.c
+++ b/drivers/gpu/drm/drm_encoder.c
@@ -128,6 +128,12 @@ int drm_encoder_init(struct drm_device *dev,
encoder->name = kvasprintf(GFP_KERNEL, name, ap);
va_end(ap);
} else {
+ /* Make sure that the requested encoder type is in the list */
+ if (encoder_type >= ARRAY_SIZE(drm_encoder_enum_list)) {
+ ret = -EINVAL;
+ goto out_put;
+ }
+
encoder->name = kasprintf(GFP_KERNEL, "%s-%d",
drm_encoder_enum_list[encoder_type].name,
encoder->base.id);
--
2.17.1
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
