geemili
/
drm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

amdgpu: Do not write beyond allocated memory when parsing ids 

Fixes crash when/usr/share/libdrm/amdgpu.ids contains ASIC_ID_TABLE_NUM_ENTRIES + 1 entries.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102432
Fixes: 7e6bf88cac (amdgpu: move asic id table to a separate file)
Signed-off-by: Jan Vesely <jan.vesely@rutgers.edu>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
main
Jan Vesely 2017-09-01 14:49:19 -04:00
parent 05a830d382
commit d55d0804f9
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
amdgpu/amdgpu_asic_id.c
View File

@ -186,19 +186,20 @@ int amdgpu_parse_asic_ids(struct amdgpu_asic_id **p_asic_id_table)
table_size++;
}
/* end of table */
id = asic_id_table + table_size;
memset(id, 0, sizeof(struct amdgpu_asic_id));
if (table_size != table_max_size) {
id = realloc(asic_id_table, (table_size + 1) *
sizeof(struct amdgpu_asic_id));
if (!id)
if (!id) {
r = -ENOMEM;
else
asic_id_table = id;
goto free;
}
asic_id_table = id;
}
/* end of table */
id = asic_id_table + table_size;
memset(id, 0, sizeof(struct amdgpu_asic_id));
free:
free(line);