diff options
| author | Jan Vesely <jan.vesely@rutgers.edu> | 2017-09-01 14:49:19 -0400 |
|---|---|---|
| committer | Jan Vesely <jan.vesely@rutgers.edu> | 2017-09-04 23:48:54 -0400 |
| commit | d55d0804f9e37637d7510f38f97e07a50c6b7baa (patch) | |
| tree | 7526b9ed8eb74abc7e17794233497d83ff317816 | |
| parent | 05a830d382382905d87b55af90aa109fb76e4c16 (diff) | |
amdgpu: Do not write beyond allocated memory when parsing ids
Fixes crash when/usr/share/libdrm/amdgpu.ids contains ASIC_ID_TABLE_NUM_ENTRIES + 1 entries.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102432
Fixes: 7e6bf88cac315a9fa41818cf72a7b5d18a2cb1fc (amdgpu: move asic id table to a separate file)
Signed-off-by: Jan Vesely <jan.vesely@rutgers.edu>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
| -rw-r--r-- | amdgpu/amdgpu_asic_id.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/amdgpu/amdgpu_asic_id.c b/amdgpu/amdgpu_asic_id.c index 3a88896b..e8218974 100644 --- a/amdgpu/amdgpu_asic_id.c +++ b/amdgpu/amdgpu_asic_id.c @@ -186,19 +186,20 @@ int amdgpu_parse_asic_ids(struct amdgpu_asic_id **p_asic_id_table) table_size++; } - /* end of table */ - id = asic_id_table + table_size; - memset(id, 0, sizeof(struct amdgpu_asic_id)); - if (table_size != table_max_size) { id = realloc(asic_id_table, (table_size + 1) * sizeof(struct amdgpu_asic_id)); - if (!id) + if (!id) { r = -ENOMEM; - else - asic_id_table = id; + goto free; + } + asic_id_table = id; } + /* end of table */ + id = asic_id_table + table_size; + memset(id, 0, sizeof(struct amdgpu_asic_id)); + free: free(line); |