tools/intel_vbt_decode: fix division by zero child device size

Real world VBTs keep fuzzing our decoder, this time with a legacy child
devices block #11 that has child_dev_size 0, leading to division by
zero. Check for it, and bail out early, both for legacy and current
child device blocks.

Reviewed-by: Kamil Konieczny <kamil.konieczny@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>

1 files changed, 10 insertions, 4 deletions

diff --git a/tools/intel_vbt_decode.c b/tools/intel_vbt_decode.c
index 8f707c1f8..3294f74c2 100644
--- a/tools/intel_vbt_decode.c
+++ b/tools/intel_vbt_decode.c
@@ -1118,8 +1118,6 @@ static void dump_general_definitions(struct context *context,
 	const struct bdb_general_definitions *defs = block_data(block);
 	int child_dev_num;
 
-	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
-
 	printf("\tCRT DDC GMBUS addr: 0x%02x\n", defs->crt_ddc_gmbus_pin);
 	printf("\tUse DPMS on AIM devices: %s\n", YESNO(defs->dpms_aim));
 	printf("\tSkip CRT detect at boot: %s\n",
@@ -1129,6 +1127,11 @@ static void dump_general_definitions(struct context *context,
 	printf("\tBoot display type: 0x%02x%02x\n", defs->boot_display[1],
 	       defs->boot_display[0]);
 	printf("\tChild device size: %d\n", defs->child_dev_size);
+
+	if (!defs->child_dev_size)
+		return;
+
+	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
 	printf("\tChild device count: %d\n", child_dev_num);
 
 	dump_child_devices(context, defs->devices,
@@ -1141,9 +1144,12 @@ static void dump_legacy_child_devices(struct context *context,
 	const struct bdb_legacy_child_devices *defs = block_data(block);
 	int child_dev_num;
 
-	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
-
 	printf("\tChild device size: %d\n", defs->child_dev_size);
+
+	if (!defs->child_dev_size)
+		return;
+
+	child_dev_num = (block->size - sizeof(*defs)) / defs->child_dev_size;
 	printf("\tChild device count: %d\n", child_dev_num);
 
 	dump_child_devices(context, defs->devices,