> -----Original Message----- > From: Intel-gfx <intel-gfx-boun...@lists.freedesktop.org> On Behalf Of Luca > Coelho > Sent: 09 September 2025 14:00 > To: intel-gfx@lists.freedesktop.org > Subject: [PATCH] drm/i915/dmc: explicitly sanitize num_entries from > package_header > > num_entries comes from package_header, which is read from an external > firmware blob and thus untrusted. In parse_dmc_fw_package() we assign > package_header->num_entries to a local variable, but the range check still > uses the struct field directly. > > Switch the check to use the local copy instead. This makes the sanitization > explicit and avoids a redundant dereference. > > Signed-off-by: Luca Coelho <luciano.coe...@intel.com> > --- > drivers/gpu/drm/i915/display/intel_dmc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/display/intel_dmc.c > b/drivers/gpu/drm/i915/display/intel_dmc.c > index 77a0199f9ea5..517bebb0b4aa 100644 > --- a/drivers/gpu/drm/i915/display/intel_dmc.c > +++ b/drivers/gpu/drm/i915/display/intel_dmc.c > @@ -1141,7 +1141,7 @@ parse_dmc_fw_package(struct intel_dmc *dmc, > } > > num_entries = package_header->num_entries; > - if (WARN_ON(package_header->num_entries > max_entries)) > + if (WARN_ON(num_entries > max_entries)) LGTM Reviewed-by: Mitul Golani <mitulkumar.ajitkumar.gol...@intel.com> > num_entries = max_entries; > > fw_info = (const struct intel_fw_info *) > -- > 2.50.1
RE: [PATCH] drm/i915/dmc: explicitly sanitize num_entries from package_header
Golani, Mitulkumar Ajitkumar Tue, 16 Sep 2025 08:52:03 -0700
- [PATCH] drm/i915/dmc: explicitly sanitize num... Luca Coelho
- ✓ i915.CI.BAT: success for drm/i915/dmc:... Patchwork
- RE: [PATCH] drm/i915/dmc: explicitly san... Golani, Mitulkumar Ajitkumar
