The "od_table" is a pointer to a large struct, but this code is doing
pointer math as if it were pointing to bytes. It results in writing
far outside the struct.
Fixes:
2e8452ea4ef6 ("drm/amd/pm: fulfill the OD support for SMU13.0.0")
Fixes:
2a9aa52e4617 ("drm/amd/pm: fulfill the OD support for SMU13.0.7")
Reviewed-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
* settings. Thus we do not cache it.
*/
offset_of_featurectrlmask = offsetof(OverDriveTable_t, FeatureCtrlMask);
- if (memcmp(od_table + offset_of_featurectrlmask,
+ if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
table_context->user_overdrive_table + offset_of_featurectrlmask,
sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask)) {
smu_v13_0_0_dump_od_table(smu, od_table);
od_table->OverDriveTable.FeatureCtrlMask = 0;
memcpy(table_context->user_overdrive_table + offset_of_featurectrlmask,
- od_table + offset_of_featurectrlmask,
+ (u8 *)od_table + offset_of_featurectrlmask,
sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask);
if (!memcmp(table_context->user_overdrive_table,
* settings. Thus we do not cache it.
*/
offset_of_featurectrlmask = offsetof(OverDriveTable_t, FeatureCtrlMask);
- if (memcmp(od_table + offset_of_featurectrlmask,
+ if (memcmp((u8 *)od_table + offset_of_featurectrlmask,
table_context->user_overdrive_table + offset_of_featurectrlmask,
sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask)) {
smu_v13_0_7_dump_od_table(smu, od_table);
od_table->OverDriveTable.FeatureCtrlMask = 0;
memcpy(table_context->user_overdrive_table + offset_of_featurectrlmask,
- od_table + offset_of_featurectrlmask,
+ (u8 *)od_table + offset_of_featurectrlmask,
sizeof(OverDriveTableExternal_t) - offset_of_featurectrlmask);
if (!memcmp(table_context->user_overdrive_table,