On Tue, 25 Mar 2014 12:57:32 +0000 Chris Wilson <ch...@chris-wilson.co.uk> wrote:
> Make sure that the whole BDB section is within the MMIO region prior to
> accessing its contents. That we don't read outside of the section is left
> up to the individual section parsers.
>
> Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk>
> --- > drivers/gpu/drm/i915/intel_bios.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/intel_bios.c > b/drivers/gpu/drm/i915/intel_bios.c > index de9aabe2d8c2..8ca1cd5b2517 100644 > --- a/drivers/gpu/drm/i915/intel_bios.c > +++ b/drivers/gpu/drm/i915/intel_bios.c > @@ -49,13 +49,19 @@ find_section(struct bdb_header *bdb, int section_id) > total = bdb->bdb_size; > > /* walk the sections looking for section_id */ > - while (index < total) { > + while (index + 3 < total) { > current_id = *(base + index); > index++; > + > current_size = *((u16 *)(base + index)); > index += 2; > + > + if (index + current_size > total) > + return NULL; > + > if (current_id == section_id) > return base + index; > + > index += current_size; > } >

Oh cool, did we see stuff in the wild where it all went sideways?

--
Jesse Barnes, Intel Open Source Technology Center
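Review bot: the new bound in find_section(), "if (index + current_size > total) return NULL;", is checked against "total = bdb->bdb_size;", a value read from the BDB header itself, so it only proves the section fits inside the size the table claims, not inside the mapped MMIO region that the commit message refers to. Nothing in the visible lines limits total to the length of the mapping, so a header with an oversized bdb_size would still pass both the loop condition and the new check. Consider passing the mapped size into find_section(), or clamping total to it before the loop, so that the stated guarantee actually holds. A smaller point on the loop condition: the section header is three bytes (one id byte plus a u16 size), so "index + 3 <= total" would be sufficient, while "index + 3 < total" also skips a zero-length section whose header ends exactly at total. That is harmless, but a short comment explaining the 3 would help the next reader.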