drm/radeon: fix handling of variable sized arrays for router objects
authorAlex Deucher <alexander.deucher@amd.com>
Tue, 27 Aug 2013 16:36:01 +0000 (12:36 -0400)
committerAlex Deucher <alexander.deucher@amd.com>
Fri, 30 Aug 2013 20:31:10 +0000 (16:31 -0400)
The table has the following format:

typedef struct _ATOM_SRC_DST_TABLE_FOR_ONE_OBJECT         //usSrcDstTableOffset pointing to this structure
{
  UCHAR               ucNumberOfSrc;
  USHORT              usSrcObjectID[1];
  UCHAR               ucNumberOfDst;
  USHORT              usDstObjectID[1];
}ATOM_SRC_DST_TABLE_FOR_ONE_OBJECT;

usSrcObjectID[] and usDstObjectID[] are variably sized, so we
can't access them directly.  Use pointers and update the offset
appropriately when accessing the Dst members.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
drivers/gpu/drm/radeon/radeon_atombios.c

index 112c963..ad91354 100644 (file)
@@ -711,13 +711,16 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev)
                                                                (ATOM_SRC_DST_TABLE_FOR_ONE_OBJECT *)
                                                                (ctx->bios + data_offset +
                                                                 le16_to_cpu(router_obj->asObjects[k].usSrcDstTableOffset));
+                                                       u8 *num_dst_objs = (u8 *)
+                                                               ((u8 *)router_src_dst_table + 1 +
+                                                                (router_src_dst_table->ucNumberOfSrc * 2));
+                                                       u16 *dst_objs = (u16 *)(num_dst_objs + 1);
                                                        int enum_id;
 
                                                        router.router_id = router_obj_id;
-                                                       for (enum_id = 0; enum_id < router_src_dst_table->ucNumberOfDst;
-                                                            enum_id++) {
+                                                       for (enum_id = 0; enum_id < (*num_dst_objs); enum_id++) {
                                                                if (le16_to_cpu(path->usConnObjectId) ==
-                                                                   le16_to_cpu(router_src_dst_table->usDstObjectID[enum_id]))
+                                                                   le16_to_cpu(dst_objs[enum_id]))
                                                                        break;
                                                        }