Hi, Static analysis with Coverity has detected a potential issue with function validate_bksv in drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c with recent commit: commit ed9d8e2bcb003ec94658cafe9b1bb3960e2139ec Author: Bhawanpreet Lakha <Bhawanpreet.Lakha@xxxxxxx> Date: Tue Aug 6 17:52:01 2019 -0400 drm/amd/display: Add HDCP module The analysis is as follows: 28 static inline enum mod_hdcp_status validate_bksv(struct mod_hdcp *hdcp) 29 { CID 89852 (#1 of 1): Out-of-bounds read (OVERRUN) 1. overrun-local: Overrunning array of 5 bytes at byte offset 7 by dereferencing pointer (uint64_t *)hdcp->auth.msg.hdcp1.bksv. 30 uint64_t n = *(uint64_t *)hdcp->auth.msg.hdcp1.bksv; 31 uint8_t count = 0; 32 33 while (n) { 34 count++; 35 n &= (n - 1); 36 } hdcp->auth.msg.hdcp1.bksv is an array of 5 uint8_t as defined in drivers/gpu/drm/amd/display/modules/hdcp/hdcp.h as follows: struct mod_hdcp_message_hdcp1 { uint8_t an[8]; uint8_t aksv[5]; uint8_t ainfo; uint8_t bksv[5]; uint16_t r0p; uint8_t bcaps; uint16_t bstatus; uint8_t ksvlist[635]; uint16_t ksvlist_size; uint8_t vp[20]; uint16_t binfo_dp; }; variable n is going to contain the contains of r0p and bcaps. I'm not sure if that is intentional. If not, then the count is going to be incorrect if these are non-zero. Colin _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel