Message ID | d562dff99ba7c92accb654a99b433bed471e8507.1617024940.git.jani.nikula@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm/edid: overhaul displayid iterator | expand |
On Mon, Mar 29, 2021 at 04:37:21PM +0300, Jani Nikula wrote: > The DisplayID specifications explicitly call out 0 as a valid payload > length for data blocks. The mere presence of a data block, or the > information coded in the block specific data (bits 7:3 in offset 1), may > be enough to convey the necessary information. > > Signed-off-by: Jani Nikula <jani.nikula@intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Though after looking at the current users it looks to me like we're missing some block length checks. In particular drm_parse_tiled_block() looks suspect. Judging by what I wrote in cea_db_offsets() I think I once convinced myself that the CEA ext block stuff is safe. And add_displayid_detailed_1_modes() looks OK as well. > --- > drivers/gpu/drm/drm_displayid.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c > index 902ff6114b68..e0b9e58a9dc8 100644 > --- a/drivers/gpu/drm/drm_displayid.c > +++ b/drivers/gpu/drm/drm_displayid.c > @@ -77,8 +77,7 @@ displayid_iter_block(const struct displayid_iter *iter) > block = (const struct displayid_block *)&iter->section[iter->idx]; > > if (iter->idx + sizeof(*block) <= iter->length && > - iter->idx + sizeof(*block) + block->num_bytes <= iter->length && > - block->num_bytes > 0) > + iter->idx + sizeof(*block) + block->num_bytes <= iter->length) > return block; > > return NULL; > -- > 2.20.1
diff --git a/drivers/gpu/drm/drm_displayid.c b/drivers/gpu/drm/drm_displayid.c index 902ff6114b68..e0b9e58a9dc8 100644 --- a/drivers/gpu/drm/drm_displayid.c +++ b/drivers/gpu/drm/drm_displayid.c @@ -77,8 +77,7 @@ displayid_iter_block(const struct displayid_iter *iter) block = (const struct displayid_block *)&iter->section[iter->idx]; if (iter->idx + sizeof(*block) <= iter->length && - iter->idx + sizeof(*block) + block->num_bytes <= iter->length && - block->num_bytes > 0) + iter->idx + sizeof(*block) + block->num_bytes <= iter->length) return block; return NULL;
The DisplayID specifications explicitly call out 0 as a valid payload length for data blocks. The mere presence of a data block, or the information coded in the block specific data (bits 7:3 in offset 1), may be enough to convey the necessary information. Signed-off-by: Jani Nikula <jani.nikula@intel.com> --- drivers/gpu/drm/drm_displayid.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)