From 75e65a928c49ff8ce0d868aef1a3fae653df430f Mon Sep 17 00:00:00 2001
From: oreo639 <oreo6391@gmail.com>
Date: Thu, 6 Oct 2022 11:44:47 -0700
Subject: [PATCH] igt-gpu-tools: fix buffer overflow

---
 ...t_edid-Allocate-raw-8-bytes-for-VSDB.patch | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch

diff --git a/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch b/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch
new file mode 100644
index 000000000000..7cc9e289305c
--- /dev/null
+++ b/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch
@@ -0,0 +1,42 @@
+From 2107b0a53692fb329175bc16169c3699712187aa Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 27 Feb 2021 14:10:41 -0800
+Subject: [PATCH] lib/igt_edid: Allocate raw 8-bytes for VSDB
+
+hdmi_vsdb is an element of cea_vsdb which makes the size of cea_vsdb to
+be 8 ( 3bytes ieee_oui ) + ( 5bytes hdmi_vsdb struct), its true that we
+only use 7 bytes technically we can only allocate 7byte array but since
+we are writing to elements of hdmi_vsdb struct which is sitting at offet
+4-8 in cea_vsdb, compiler thinks we have an element which is out of
+array bounds since out allocated size is 7bytes
+
+This errors out
+../git/lib/igt_edid.c:365:13: error: array subscript 'struct hdmi_vsdb[0]' is partly outside array bounds of 'char[7]' [-Werror=array-bounds]
+  365 |         hdmi->src_phy_addr[0] = 0x10;
+      |             ^~
+
+allocating one extra byte matches with size of cea_vsdb and compiler is
+happy
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Reviewed-by: Martin Peres <martin.peres@mupuf.org>
+---
+ lib/igt_edid.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/igt_edid.c b/lib/igt_edid.c
+index 1c85486d..ce09cc47 100644
+--- a/lib/igt_edid.c
++++ b/lib/igt_edid.c
+@@ -351,7 +351,7 @@ void cea_sad_init_pcm(struct cea_sad *sad, int channels,
+ const struct cea_vsdb *cea_vsdb_get_hdmi_default(size_t *size)
+ {
+ 	/* We'll generate a VSDB with 2 extension fields. */
+-	static char raw[CEA_VSDB_HDMI_MIN_SIZE + 2] = {0};
++	static char raw[CEA_VSDB_HDMI_MIN_SIZE + 3] = {0};
+ 	struct cea_vsdb *vsdb;
+ 	struct hdmi_vsdb *hdmi;
+ 
+-- 
+GitLab
+