drm/displayid: add displayid_get_header() and check bounds better

From Jani Nikula
4b17053ba268bf952c19ecb58d66d5d72e782d13 in linux-6.1.y/6.1.30
5bacecc3c56131c31f18b23d366f2184328fd9cf in mainline linux

diff --git a/sys/dev/pci/drm/drm_displayid.c b/sys/dev/pci/drm/drm_displayid.c
index 38ea820..7d03159 100644 (file)
--- a/sys/dev/pci/drm/drm_displayid.c
+++ b/sys/dev/pci/drm/drm_displayid.c
@@ -7,13 +7,28 @@
 #include <drm/drm_edid.h>
 #include <drm/drm_print.h>
 
+static const struct displayid_header *
+displayid_get_header(const u8 *displayid, int length, int index)
+{
+       const struct displayid_header *base;
+
+       if (sizeof(*base) > length - index)
+               return ERR_PTR(-EINVAL);
+
+       base = (const struct displayid_header *)&displayid[index];
+
+       return base;
+}
+
 static int validate_displayid(const u8 *displayid, int length, int idx)
 {
        int i, dispid_length;
        u8 csum = 0;
        const struct displayid_header *base;
 
-       base = (const struct displayid_header *)&displayid[idx];
+       base = displayid_get_header(displayid, length, idx);
+       if (IS_ERR(base))
+               return PTR_ERR(base);
 
        DRM_DEBUG_KMS("base revision 0x%x, length %d, %d %d\n",
                      base->rev, base->bytes, base->prod_id, base->ext_count);