On Mon, Mar 29, 2021 at 04:37:21PM +0300, Jani Nikula wrote: > The DisplayID specifications explicitly call out 0 as a valid payload > length for data blocks. The mere presence of a data block, or the > information coded in the block specific data (bits 7:3 in offset 1), may > be enough to convey the necessary information. > > Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx> Reviewed-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx> Though after looking at the current users it looks to me like we're missing some block length checks. In particular drm_parse_tiled_block() looks suspect. Judging by what I wrote in cea_db_offsets() I think I once convinced myself that the CEA ext block stuff is safe. And add_displayid_detailed_1_modes() looks OK as well. > --- > drivers/gpu/drm/drm_displayid.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c > index 902ff6114b68..e0b9e58a9dc8 100644 > --- a/drivers/gpu/drm/drm_displayid.c > +++ b/drivers/gpu/drm/drm_displayid.c > @@ -77,8 +77,7 @@ displayid_iter_block(const struct displayid_iter *iter) > block = (const struct displayid_block *)&iter->section[iter->idx]; > > if (iter->idx + sizeof(*block) <= iter->length && > - iter->idx + sizeof(*block) + block->num_bytes <= iter->length && > - block->num_bytes > 0) > + iter->idx + sizeof(*block) + block->num_bytes <= iter->length) > return block; > > return NULL; > -- > 2.20.1 -- Ville Syrjälä Intel _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx