From be423509617d7c54b9d15ac738b5375d3c0650a9 Mon Sep 17 00:00:00 2001 From: oreo639 Date: Thu, 6 Oct 2022 11:44:47 -0700 Subject: [PATCH] igt-gpu-tools: fix buffer overflow --- ...t_edid-Allocate-raw-8-bytes-for-VSDB.patch | 42 +++++++++++++++++++ srcpkgs/igt-gpu-tools/template | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch diff --git a/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch b/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch new file mode 100644 index 000000000000..7cc9e289305c --- /dev/null +++ b/srcpkgs/igt-gpu-tools/patches/igt_edid-Allocate-raw-8-bytes-for-VSDB.patch @@ -0,0 +1,42 @@ +From 2107b0a53692fb329175bc16169c3699712187aa Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 27 Feb 2021 14:10:41 -0800 +Subject: [PATCH] lib/igt_edid: Allocate raw 8-bytes for VSDB + +hdmi_vsdb is an element of cea_vsdb which makes the size of cea_vsdb to +be 8 ( 3bytes ieee_oui ) + ( 5bytes hdmi_vsdb struct), its true that we +only use 7 bytes technically we can only allocate 7byte array but since +we are writing to elements of hdmi_vsdb struct which is sitting at offet +4-8 in cea_vsdb, compiler thinks we have an element which is out of +array bounds since out allocated size is 7bytes + +This errors out +../git/lib/igt_edid.c:365:13: error: array subscript 'struct hdmi_vsdb[0]' is partly outside array bounds of 'char[7]' [-Werror=array-bounds] + 365 | hdmi->src_phy_addr[0] = 0x10; + | ^~ + +allocating one extra byte matches with size of cea_vsdb and compiler is +happy + +Signed-off-by: Khem Raj +Reviewed-by: Martin Peres +--- + lib/igt_edid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/igt_edid.c b/lib/igt_edid.c +index 1c85486d..ce09cc47 100644 +--- a/lib/igt_edid.c ++++ b/lib/igt_edid.c +@@ -351,7 +351,7 @@ void cea_sad_init_pcm(struct cea_sad *sad, int channels, + const struct cea_vsdb *cea_vsdb_get_hdmi_default(size_t *size) + { + /* We'll generate a VSDB with 2 extension fields. */ +- static char raw[CEA_VSDB_HDMI_MIN_SIZE + 2] = {0}; ++ static char raw[CEA_VSDB_HDMI_MIN_SIZE + 3] = {0}; + struct cea_vsdb *vsdb; + struct hdmi_vsdb *hdmi; + +-- +GitLab + diff --git a/srcpkgs/igt-gpu-tools/template b/srcpkgs/igt-gpu-tools/template index e5865e11a57f..02f6cc4bba66 100644 --- a/srcpkgs/igt-gpu-tools/template +++ b/srcpkgs/igt-gpu-tools/template @@ -1,7 +1,7 @@ # Template file for 'igt-gpu-tools' pkgname=igt-gpu-tools version=1.25 -revision=5 +revision=6 build_style=meson configure_args="-Db_ndebug=false -Db_lto=false" # b_lto=true makes the build hang at a random point