drm/amd/display: fix array index out of bound error in bios parser

[ Upstream commit 4fc1ba4aa589ca267468ad23fedef37562227d32 ]

[Why&How]
Firmware headers dictate that gpio_pin array only has a size of 8. The
count returned from vbios however is greater than 8.

Fix this by not using array indexing but incrementing the pointer since
gpio_pin definition in atomfirmware.h is hardcoded to size 8

Reviewed-by: Martin Leung <Martin.Leung@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
index 6dbde74c1e0690fbfa1d2846e3b05165180011d4..1d86fd5610c039ee518009cf37c348c2230ca260 100644 (file)
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
@@ -352,6 +352,7 @@ static enum bp_result get_gpio_i2c_info(
        uint32_t count = 0;
        unsigned int table_index = 0;
        bool find_valid = false;
+       struct atom_gpio_pin_assignment *pin;
 
        if (!info)
                return BP_RESULT_BADINPUT;
@@ -379,20 +380,17 @@ static enum bp_result get_gpio_i2c_info(
                        - sizeof(struct atom_common_table_header))
                                / sizeof(struct atom_gpio_pin_assignment);
 
+       pin = (struct atom_gpio_pin_assignment *) header->gpio_pin;
+
        for (table_index = 0; table_index < count; table_index++) {
-               if (((record->i2c_id & I2C_HW_CAP) == (
-               header->gpio_pin[table_index].gpio_id &
-                                               I2C_HW_CAP)) &&
-               ((record->i2c_id & I2C_HW_ENGINE_ID_MASK)  ==
-               (header->gpio_pin[table_index].gpio_id &
-                                       I2C_HW_ENGINE_ID_MASK)) &&
-               ((record->i2c_id & I2C_HW_LANE_MUX) ==
-               (header->gpio_pin[table_index].gpio_id &
-                                               I2C_HW_LANE_MUX))) {
+               if (((record->i2c_id & I2C_HW_CAP)                              == (pin->gpio_id & I2C_HW_CAP)) &&
+                   ((record->i2c_id & I2C_HW_ENGINE_ID_MASK)   == (pin->gpio_id & I2C_HW_ENGINE_ID_MASK)) &&
+                   ((record->i2c_id & I2C_HW_LANE_MUX)                 == (pin->gpio_id & I2C_HW_LANE_MUX))) {
                        /* still valid */
                        find_valid = true;
                        break;
                }
+               pin = (struct atom_gpio_pin_assignment *)((uint8_t *)pin + sizeof(struct atom_gpio_pin_assignment));
        }
 
        /* If we don't find the entry that we are looking for then