summaryrefslogtreecommitdiff
path: root/drivers/gpu/nova-core/fsp/git@git.tavy.me:linux.git
diff options
context:
space:
mode:
authorHarry Wentland <harry.wentland@amd.com>2026-06-16 12:17:45 -0400
committerAlex Deucher <alexander.deucher@amd.com>2026-07-01 13:00:40 -0400
commit93c8fe6d56037f284be7116d0c8155847c6d7fbe (patch)
treed94e86c2b8e4ed53c43e2a200d0caf1276bd3219 /drivers/gpu/nova-core/fsp/git@git.tavy.me:linux.git
parent75050390151a14802be433c3856ddcb483cecd24 (diff)
drm/amd/display: guard against overflow in HDCP message dump
[Why] mod_hdcp_dump_binary_message() computed target_size (a uint32_t) as roughly byte_size * msg_size and gated the whole write on buf_size >= target_size. A large msg_size can overflow target_size, wrapping it to a small value that passes the check while the loop still writes byte_size * msg_size bytes into buf. All current callers pass small constants so this is not reachable today, but the unchecked arithmetic should be hardened. [How] Drop the overflow-prone target_size precomputation and instead bounds-check the output position on every iteration, stopping once the next entry would not leave room for the trailing terminator. This cannot overflow and, for oversized messages, dumps as much as fits rather than printing nothing. Fixes: 4c283fdac08a ("drm/amd/display: Add HDCP module") Assisted-by: Copilot:claude-opus-4.8 Reviewed-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Harry Wentland <harry.wentland@amd.com> Signed-off-by: George Zhang <george.zhang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> (cherry picked from commit d0a775e5d70b376696245a14c09e3aa6dde0023a) Cc: stable@vger.kernel.org
Diffstat (limited to 'drivers/gpu/nova-core/fsp/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions