From bb80a707cd3b39d7485eb0f205797798c8977821 Mon Sep 17 00:00:00 2001 From: saranyad Date: Mon, 10 Feb 2025 17:05:25 +0000 Subject: [PATCH] KMD: Fix Misra-C:2012 Rule - This patch fixes the following violations OVERRUN - 2 (CIDs 22827501, 22827481) - Added checks to validate boundries Rule: OVERRUN Rule Description: Out-of-bounds access to a buffer JIRA TDS-15862 Change-Id: I94b19dc491583a63ec242c59cc288c5e32134cc0 Signed-off-by: saranyad Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3299743 Reviewed-by: svcacv GVS: buildbot_gerritrpt Reviewed-by: Adithya Sanjeev Byalpi Reviewed-by: Ishwarya Balaji Gururajan --- drivers/platform/tegra/dce/dce-client-ipc.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/platform/tegra/dce/dce-client-ipc.c b/drivers/platform/tegra/dce/dce-client-ipc.c index 37e8c071..feaa42e5 100644 --- a/drivers/platform/tegra/dce/dce-client-ipc.c +++ b/drivers/platform/tegra/dce/dce-client-ipc.c @@ -76,11 +76,16 @@ out: static struct tegra_dce_client_ipc *dce_client_ipc_lookup_handle(u32 handle) { struct tegra_dce_client_ipc *cl = NULL; + u32 index = 0U; if (!is_client_handle_valid(handle)) goto out; - cl = &client_handles[client_handle_to_index(handle)]; + index = client_handle_to_index(handle); + if (index >= DCE_CLIENT_IPC_TYPE_MAX) + goto out; + + cl = &client_handles[index]; out: return cl; @@ -174,6 +179,7 @@ int tegra_dce_register_ipc_client(u32 type, struct tegra_dce *d = NULL; struct tegra_dce_client_ipc *cl = NULL; u32 handle = DCE_CLIENT_IPC_HANDLE_INVALID; + u32 index = 0U; if (handlep == NULL) { dce_os_err(d, "Invalid handle pointer"); @@ -199,7 +205,14 @@ int tegra_dce_register_ipc_client(u32 type, if (ret) goto out; - cl = &client_handles[client_handle_to_index(handle)]; + index = client_handle_to_index(handle); + if (index >= DCE_CLIENT_IPC_TYPE_MAX) { + dce_os_err(d, "Invalid client handle index: %u", index); + ret = -EINVAL; + goto out; + } + + cl = &client_handles[index]; cl->d = d; cl->type = type;