From 555ff6a6539dd73fbcb711f5f1f2493ad3dceb4a Mon Sep 17 00:00:00 2001 From: "Galantsev, Dmitrii" Date: Tue, 26 Sep 2023 13:56:42 -0500 Subject: [PATCH] Fix out-of-bounds array access for --showvc get_od_clk_volt_info assumed the size of the file instead of checking the length. This caused out-of-bounds array element access. Change-Id: Ibda8f0c3a6d1623d48964641ae5ef610d2072e94 Signed-off-by: Galantsev, Dmitrii [ROCm/amdsmi commit: 8eb9f892d32d3d8eabe6c2b47ac23304842c3881] --- projects/amdsmi/src/rocm_smi.cc | 70 ++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 27 deletions(-) diff --git a/projects/amdsmi/src/rocm_smi.cc b/projects/amdsmi/src/rocm_smi.cc index a0061ddd9b..b6c9155347 100755 --- a/projects/amdsmi/src/rocm_smi.cc +++ b/projects/amdsmi/src/rocm_smi.cc @@ -1232,16 +1232,16 @@ For the new format, GFXCLK field will show min and max values(0/1). If the curre frequency in neither min/max but lies within the range, this is indicated by an additional value followed by * at index 1 and max value at index 2. */ -static const uint32_t kOD_SCLK_label_array_index = 0; -static const uint32_t kOD_MCLK_label_array_index = - kOD_SCLK_label_array_index + 3; -static const uint32_t kOD_VDDC_CURVE_label_array_index = - kOD_MCLK_label_array_index + 2; -static const uint32_t kOD_OD_RANGE_label_array_index = - kOD_VDDC_CURVE_label_array_index + 4; -static const uint32_t kOD_VDDC_CURVE_start_index = +constexpr uint32_t kOD_SCLK_label_array_index = 0; +constexpr uint32_t kOD_MCLK_label_array_index = + kOD_SCLK_label_array_index + 3; +constexpr uint32_t kOD_VDDC_CURVE_label_array_index = + kOD_MCLK_label_array_index + 2; +constexpr uint32_t kOD_OD_RANGE_label_array_index = + kOD_VDDC_CURVE_label_array_index + 4; +constexpr uint32_t kOD_VDDC_CURVE_start_index = kOD_OD_RANGE_label_array_index + 3; -// static const uint32_t kOD_VDDC_CURVE_num_lines = +// constexpr uint32_t kOD_VDDC_CURVE_num_lines = // kOD_VDDC_CURVE_start_index + 4; static rsmi_status_t get_od_clk_volt_info(uint32_t dv_ind, @@ -1283,41 +1283,57 @@ static rsmi_status_t get_od_clk_volt_info(uint32_t dv_ind, p->curr_sclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, nullptr, kOD_SCLK_label_array_index + 2); + if (val_vec.size() < (kOD_MCLK_label_array_index + 1)) { + return RSMI_STATUS_UNEXPECTED_SIZE; + } // The condition below checks if it is the old style or new style format. if (val_vec[kOD_MCLK_label_array_index] == "OD_MCLK:") { - p->curr_mclk_range.lower_bound = 0; - p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, - nullptr, kOD_MCLK_label_array_index + 1); + p->curr_mclk_range.lower_bound = 0; + p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, + nullptr, kOD_MCLK_label_array_index + 1); } else if (val_vec[kOD_MCLK_label_array_index] == "MCLK:") { - p->curr_mclk_range.lower_bound = freq_string_to_int(val_vec, nullptr, - nullptr, kOD_MCLK_label_array_index + 1); - // the upper memory frequency is the last - p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, - nullptr, last_item); - return RSMI_STATUS_SUCCESS; - } else if (val_vec[kOD_MCLK_label_array_index + 1] == "MCLK:") { - p->curr_sclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, - nullptr, kOD_SCLK_label_array_index + 3); - p->curr_mclk_range.lower_bound = freq_string_to_int(val_vec, nullptr, - nullptr, kOD_MCLK_label_array_index + 2); - // the upper memory frequency is the last - p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, - nullptr, last_item); - return RSMI_STATUS_SUCCESS; + p->curr_mclk_range.lower_bound = freq_string_to_int(val_vec, nullptr, + nullptr, kOD_MCLK_label_array_index + 1); + // the upper memory frequency is the last + p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, + nullptr, last_item); + return RSMI_STATUS_SUCCESS; } else { + if (val_vec.size() < (kOD_MCLK_label_array_index + 3)) { + return RSMI_STATUS_UNEXPECTED_SIZE; + } + if (val_vec[kOD_MCLK_label_array_index + 1] == "MCLK:") { + p->curr_sclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, + nullptr, kOD_SCLK_label_array_index + 3); + p->curr_mclk_range.lower_bound = freq_string_to_int(val_vec, nullptr, + nullptr, kOD_MCLK_label_array_index + 2); + // the upper memory frequency is the last + p->curr_mclk_range.upper_bound = freq_string_to_int(val_vec, nullptr, + nullptr, last_item); + return RSMI_STATUS_SUCCESS; + } return RSMI_STATUS_NOT_YET_IMPLEMENTED; } + if (val_vec.size() < kOD_VDDC_CURVE_label_array_index) { + return RSMI_STATUS_UNEXPECTED_SIZE; + } assert(val_vec[kOD_VDDC_CURVE_label_array_index] == "OD_VDDC_CURVE:"); if (val_vec[kOD_VDDC_CURVE_label_array_index] != "OD_VDDC_CURVE:") { return RSMI_STATUS_UNEXPECTED_DATA; } uint32_t tmp = kOD_VDDC_CURVE_label_array_index + 1; + if (val_vec.size() < (tmp + RSMI_NUM_VOLTAGE_CURVE_POINTS)) { + return RSMI_STATUS_UNEXPECTED_SIZE; + } for (uint32_t i = 0; i < RSMI_NUM_VOLTAGE_CURVE_POINTS; ++i) { freq_volt_string_to_point(val_vec[tmp + i], &(p->curve.vc_points[i])); } + if (val_vec.size() < (kOD_OD_RANGE_label_array_index + 2)) { + return RSMI_STATUS_UNEXPECTED_SIZE; + } assert(val_vec[kOD_OD_RANGE_label_array_index] == "OD_RANGE:"); if (val_vec[kOD_OD_RANGE_label_array_index] != "OD_RANGE:") { return RSMI_STATUS_UNEXPECTED_DATA;