Re: [PATCH libdrm 1/1] amdgpu: Do not write beyond allocated memory when parsing ids

2017-09-04 Thread Michel Dänzer 
On 02/09/17 04:05 AM, Jan Vesely wrote:
> Fixes crash when/usr/share/libdrm/amdgpu.ids contains 
> ASIC_ID_TABLE_NUM_ENTRIES + 1 entries.
> 
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102432
> Signed-off-by: Jan Vesely 

Thanks for the good catch.


> diff --git a/amdgpu/amdgpu_asic_id.c b/amdgpu/amdgpu_asic_id.c
> index 3a88896b..e8218974 100644
> --- a/amdgpu/amdgpu_asic_id.c
> +++ b/amdgpu/amdgpu_asic_id.c
> @@ -186,19 +186,20 @@ int amdgpu_parse_asic_ids(struct amdgpu_asic_id 
> **p_asic_id_table)
>   table_size++;
>   }
>  
> - /* end of table */
> - id = asic_id_table + table_size;
> - memset(id, 0, sizeof(struct amdgpu_asic_id));
> -
>   if (table_size != table_max_size) {
>   id = realloc(asic_id_table, (table_size + 1) *
>sizeof(struct amdgpu_asic_id));
> - if (!id)
> + if (!id) {
>   r = -ENOMEM;
> - else
> - asic_id_table = id;
> + goto free;
> + }
> + asic_id_table = id;
>  }
>  
> + /* end of table */
> + id = asic_id_table + table_size;
> + memset(id, 0, sizeof(struct amdgpu_asic_id));
> +
>  free:
>   free(line);
>  
> 

Reviewed-by: Michel Dänzer 


-- 
Earthling Michel Dänzer   |   http://www.amd.com
Libre software enthusiast | Mesa and X developer
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

[PATCH libdrm 1/1] amdgpu: Do not write beyond allocated memory when parsing ids

2017-09-01 Thread Jan Vesely 
Fixes crash when/usr/share/libdrm/amdgpu.ids contains ASIC_ID_TABLE_NUM_ENTRIES 
+ 1 entries.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102432
Signed-off-by: Jan Vesely 
---
Compile tested only.

 amdgpu/amdgpu_asic_id.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/amdgpu/amdgpu_asic_id.c b/amdgpu/amdgpu_asic_id.c
index 3a88896b..e8218974 100644
--- a/amdgpu/amdgpu_asic_id.c
+++ b/amdgpu/amdgpu_asic_id.c
@@ -186,19 +186,20 @@ int amdgpu_parse_asic_ids(struct amdgpu_asic_id 
**p_asic_id_table)
table_size++;
}
 
-   /* end of table */
-   id = asic_id_table + table_size;
-   memset(id, 0, sizeof(struct amdgpu_asic_id));
-
if (table_size != table_max_size) {
id = realloc(asic_id_table, (table_size + 1) *
 sizeof(struct amdgpu_asic_id));
-   if (!id)
+   if (!id) {
r = -ENOMEM;
-   else
-   asic_id_table = id;
+   goto free;
+   }
+   asic_id_table = id;
 }
 
+   /* end of table */
+   id = asic_id_table + table_size;
+   memset(id, 0, sizeof(struct amdgpu_asic_id));
+
 free:
free(line);
 
-- 
2.13.5

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel