From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/dp/mst: fix buffer overflows in sideband chunk accumulation Date: Sun, 12 Apr 2026 10:28:55 +1000 Message-ID: In-Reply-To: <20260410041901.2438960-1-ashutoshdesai993@gmail.com> References: <20260410041901.2438960-1-ashutoshdesai993@gmail.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: drm/dp/mst: fix buffer overflows in sideband chunk accumulation Author: Ashutosh Desai Patches: 1 Reviewed: 2026-04-12T10:28:55.630601 --- This is a single-patch series adding bounds checks to `drm_dp_sideband_appe= nd_payload()` in the DP MST sideband message handling code. The patch addre= sses real overflow risks =E2=80=94 particularly the `chunk[48]` overflow wh= en `msg_len` (a 6-bit field, max 63) exceeds the buffer size, and the `msg[= 256]` accumulation overflow. The code changes are correct and the checks ar= e properly placed with correct arithmetic (C integer promotion ensures u8 v= alues are compared as `int`, avoiding wraparound in the comparisons). However, the commit message overstates the severity by describing three "bu= gs" when one of them (bug #1, the zero-length `msg_len` case) is already pr= evented by an existing check in `drm_dp_decode_sideband_msg_hdr()`. This is= worth flagging because it may indicate the author didn't fully trace the c= all chain before writing the description. **Verdict:** The actual code fix is sound and addresses genuine vulnerabili= ties, but the commit message needs correction. Likely worth a request for a= v2 with an accurate description. --- --- Generated by Claude Code Patch Reviewer