re: drm/nouveau: port all engines to new engine module format

Dan Carpenter Mon, 11 Mar 2013 03:57:45 -0700

Hello Ben Skeggs,

The patch ebb945a94bba: "drm/nouveau: port all engines to new engine 
module format" from Jul 20, 2012, leads to the following warning:
"drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c:570 
nvc0_graph_ctor()
         error: buffer overflow 'priv->tpc_nr' 4 <= 30"


drivers/gpu/drm/nouveau/core/engine/graph/nvc0.c
   566  
   567          priv->rop_nr = (nv_rd32(priv, 0x409604) & 0x001f0000) >> 16;
   568          priv->gpc_nr =  nv_rd32(priv, 0x409604) & 0x0000001f;
                ^^^^^^^^^^^^
setting this to something between 0 and 0x1f.

   569          for (i = 0; i < priv->gpc_nr; i++) {
   570                  priv->tpc_nr[i]  = nv_rd32(priv, GPC_UNIT(i, 0x2608));
                        ^^^^^^^^^^^^^^^
If ->gpc_nr is more than 4 we are writing past the end of the array.

   571                  priv->tpc_total += priv->tpc_nr[i];
   572          }
   573  

regards,
dan carpenter

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel

re: drm/nouveau: port all engines to new engine module format

Reply via email to