Bug 109977

Summary: Segmentation fault in drmParsePlatformDeviceInfo
Product: DRI
Component: libdrm
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: XOrg git
Hardware: All
OS: All
Reporter: Andreas Baierl <ichgeh>
Assignee: Default DRI bug account <dri-devel>
QA Contact:
CC: emil.l.velikov
Whiteboard:
i915 platform:
i915 features:
Attachments:
  [PATCH libdrm] xf86drm: Fix segmentation fault while parsing device info (flags: none)

Description Andreas Baierl 2019-03-12 11:22:46 UTC
Created attachment 143633
[PATCH libdrm] xf86drm: Fix segmentation fault while parsing device info

Since commit ee798b98479709acdd8d1492689dc93c1a62f239 (xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info), I encounter a segfault at line 3632:

     *compatible[i] = tmp_name;

Libdrm segfaults as soon as i>0. 

This was encountered on armhf platform (Allwinner A10) with kernel 5.0 including drm-misc-next and the lima driver (https://gitlab.freedesktop.org/lima/linux/commits/lima-drm-misc-next-20190309) and the lima mesa branch (https://gitlab.freedesktop.org/lima/mesa) while running glmark2-es2-drm and kmscube.

You can see the original issue including backtrace and strace reported here:
https://gitlab.freedesktop.org/lima/mesa/issues/80#note_129271

The attached patch fixes it.

Comment 1 Eric Engestrom 2019-03-12 12:56:32 UTC
Thanks!
Your fix is correct, although partial: the same bug appears again in the free() a couple lines below.
I've added it as part of your patch and pushed it:

commit 4735ca71af9f741e2438104d543dc3c5a8107f35
Author: Andreas Baierl <ichgeh@imkreisrum.de>
Date:   Mon Mar 11 16:04:08 2019 +0100

    xf86drm: Fix segmentation fault while parsing device info
    
    This fixes a bug, which was introduced with commit ee798b98
    "xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info".
    where accessing *compatible[i] with i>0 results in a segfault.
    
    Signed-off-by: Andreas Baierl <ichgeh@imkreisrum.de>
    Fixes: ee798b98479709acdd8d "xf85drm: de-duplicate drmParse{Platform.Host1x}{Bus,Device}Info"
    Reviewed-by: Eric Engestrom <eric.engestrom@intel.com>
    [Eric: add the same fix to the free() below]
    Signed-off-by: Eric Engestrom <eric.engestrom@intel.com>
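
Added example, not the libdrm source or the attached patch: in C, `[]` binds tighter than unary `*`, so `*compatible[i]` parses as `*(compatible[i])`, which matches the report of a crash once i>0. The model below assumes `compatible` is a `char ***` out-parameter, as the reported expression implies; `fill_names`, `free_names`, `demo` and the sample strings are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

static void free_names(char ***compatible, size_t filled)
{
    for (size_t i = 0; i < filled; i++)
        free((*compatible)[i]);   /* free(*compatible[i]) has the same bug */
    free(*compatible);
    *compatible = NULL;
}

/* Hypothetical model: return a NULL-terminated string array via `compatible`. */
static int fill_names(char ***compatible, const char *const *src, size_t count)
{
    *compatible = calloc(count + 1, sizeof(char *));
    if (!*compatible)
        return -1;
    for (size_t i = 0; i < count; i++) {
        char *tmp_name = malloc(strlen(src[i]) + 1);
        if (!tmp_name) {
            free_names(compatible, i);
            return -1;
        }
        strcpy(tmp_name, src[i]);
        /* Wrong: *compatible[i] = tmp_name; parses as *(compatible[i]) and,
         * for i > 0, dereferences memory after the caller's char ** variable. */
        (*compatible)[i] = tmp_name;
    }
    return 0;
}

/* Constructed sample strings; returns the number of checks passed (4). */
static int demo(void)
{
    static const char *const src[] = { "vendor,gpu-a", "vendor,gpu-b", "vendor,gpu-c" };
    char **names = NULL;
    int ok = 0;
    if (fill_names(&names, src, 3) != 0)
        return -1;
    for (size_t i = 0; i < 3; i++)
        ok += strcmp(names[i], src[i]) == 0;
    ok += names[3] == NULL;       /* terminator slot left zeroed by calloc */
    free_names(&names, 3);
    return names == NULL ? ok : -1;
}

int main(void) { return demo() == 4 ? 0 : 1; }
```

With a single entry (i == 0) both spellings address the same slot, which is why a defect of this kind can pass testing on devices that expose only one string.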
