hdmitx: fix KASAN Bug in set_disp_mode_auto [1/1]
PD#173549: hdmitx: fix KASAN Bug in set_disp_mode_auto
==================================================================
BUG: KASAN: global-out-of-bounds in set_disp_mode_auto+0x244/0x870
Read of size 32 at addr
ffffff900a67e4c0 by task power@1.0-servi/2924
CPU: 2 PID: 2924 Comm: power@1.0-servi Tainted: G B O 4.9.113 #1
Hardware name: Amlogic (DT)
Call trace:
[<
ffffff900908ecc0>] dump_backtrace+0x0/0x368
[<
ffffff900908f0cc>] show_stack+0x24/0x30
[<
ffffff900963bdb0>] dump_stack+0xa0/0xc8
[<
ffffff90092ba234>] print_address_description+0x144/0x258
[<
ffffff90092ba6ac>] kasan_report+0x264/0x338
[<
ffffff90092b8ff4>] check_memory_region+0x12c/0x1c0
[<
ffffff90092b90dc>] __asan_loadN+0x14/0x20
[<
ffffff9009c12804>] set_disp_mode_auto+0x244/0x870
[<
ffffff9009c13994>] hdmitx_late_resume+0x1cc/0x288
[<
ffffff9009da5f30>] early_suspend_trigger_store+0x1a8/0x1d0
[<
ffffff9009640ac4>] kobj_attr_store+0x44/0x60
[<
ffffff90093973b0>] sysfs_kf_write+0x98/0xb8
[<
ffffff9009396134>] kernfs_fop_write+0x12c/0x270
[<
ffffff90092c9888>] __vfs_write+0xd8/0x268
[<
ffffff90092cae48>] vfs_write+0xd8/0x240
[<
ffffff90092ccd8c>] SyS_write+0xc4/0x148
[<
ffffff9009083f00>] el0_svc_naked+0x34/0x38
The buggy address belongs to the variable:
all_fmt_paras+0x1460/0x14a0
Memory state around the buggy address:
ffffff900a67e380: 00 07 fa fa fa fa fa fa 00 02 fa fa fa fa fa fa
ffffff900a67e400: 00 07 fa fa fa fa fa fa 00 02 fa fa fa fa fa fa
>
ffffff900a67e480: 00 07 fa fa fa fa fa fa 00 02 fa fa fa fa fa fa
^
ffffff900a67e500: 00 07 fa fa fa fa fa fa 00 03 fa fa fa fa fa fa
ffffff900a67e580: 00 04 fa fa fa fa fa fa 00 04 fa fa fa fa fa fa
==================================================================
Change-Id: Ie2435c031c04ac23e801cfefa80a29071c120b4f
Signed-off-by: Zongdong Jiao <zongdong.jiao@amlogic.com>