From: Tvrtko Ursulin <tvrtko.ursu...@intel.com>

Check that the engine query is not polluting the buffer past the size it
indicated it would write.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursu...@intel.com>
---
 tests/i915/i915_query.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/tests/i915/i915_query.c b/tests/i915/i915_query.c
index ecbec3ae141d..92dd8f48a5d0 100644
--- a/tests/i915/i915_query.c
+++ b/tests/i915/i915_query.c
@@ -496,7 +496,8 @@ static void engines_invalid(int fd)
 {
        struct drm_i915_query_engine_info *engines;
        struct drm_i915_query_item item;
-       unsigned int len;
+       unsigned int i, len;
+       char *buf;
 
        /* Flags is MBZ. */
        memset(&item, 0, sizeof(item));
@@ -574,6 +575,20 @@ static void engines_invalid(int fd)
                       -1, 0);
        igt_assert(engines != MAP_FAILED);
 
+       /* Check no write past len. */
+       memset(engines, 0, 4096);
+       memset(&item, 0, sizeof(item));
+       item.query_id = DRM_I915_QUERY_ENGINE_INFO;
+       item.length = len;
+       item.data_ptr = to_user_pointer(engines);
+       i915_query_items(fd, &item, 1);
+       igt_assert_eq(item.length, len);
+       buf = (char *)engines;
+       buf += len;
+       for (i = 0; i < 4096 - len; i++, buf++)
+               igt_assert_f(*buf == 0, "Garbage %u bytes after buffer! (%x)\n",
+                            i, *buf);
+
        /* PROT_NONE is similar to unmapped area. */
        memset(engines, 0, len);
        igt_assert_eq(mprotect(engines, len, PROT_NONE), 0);
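Review bot: The tail check after `i915_query_items()` only catches stray non-zero bytes, because the whole page is cleared with `memset(engines, 0, 4096)` and the loop asserts `*buf == 0`; an overrun that writes zeros (struct padding, for instance) would pass unnoticed. Poisoning the tail with a non-zero pattern after the zeroing, e.g. `memset((char *)engines + len, 0xa5, 4096 - len);`, and asserting that the pattern is intact would cover both cases. `4096 - len` is unsigned arithmetic, so an `igt_assert(len <= 4096);` before the loop would stop it wrapping and walking off the mapping if the reported length ever exceeds the mapping size, which is presumably 4096 but is set outside this hunk. `buf` is a plain `char *` passed to `%x`, so a byte with the high bit set prints sign-extended where `char` is signed; declaring it `unsigned char *` avoids that. The body of engines_invalid() starts and ends outside the hunk.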
-- 
2.20.1
