Re: [PATCH v2 7/8] drm/displayid: allow data blocks with 0 payload length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 29, 2021 at 04:37:21PM +0300, Jani Nikula wrote:
> The DisplayID specifications explicitly call out 0 as a valid payload
> length for data blocks. The mere presence of a data block, or the
> information coded in the block specific data (bits 7:3 in offset 1), may
> be enough to convey the necessary information.
> 
> Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx>

Reviewed-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>

Though after looking at the current users it looks to me like
we're missing some block length checks. In particular
drm_parse_tiled_block() looks suspect. Judging by what I wrote
in cea_db_offsets() I think I once convinced myself that the
CEA ext block stuff is safe. And add_displayid_detailed_1_modes()
looks OK as well.

> ---
>  drivers/gpu/drm/drm_displayid.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c
> index 902ff6114b68..e0b9e58a9dc8 100644
> --- a/drivers/gpu/drm/drm_displayid.c
> +++ b/drivers/gpu/drm/drm_displayid.c
> @@ -77,8 +77,7 @@ displayid_iter_block(const struct displayid_iter *iter)
>  	block = (const struct displayid_block *)&iter->section[iter->idx];
>  
>  	if (iter->idx + sizeof(*block) <= iter->length &&
> -	    iter->idx + sizeof(*block) + block->num_bytes <= iter->length &&
> -	    block->num_bytes > 0)
> +	    iter->idx + sizeof(*block) + block->num_bytes <= iter->length)
>  		return block;
>  
>  	return NULL;
> -- 
> 2.20.1

-- 
Ville Syrjälä
Intel
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx




[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux