From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/dp/mst: fix OOB reads on 2-byte fields in sideband reply parsers Date: Sat, 16 May 2026 16:05:47 +1000 Message-ID: In-Reply-To: <20260510203128.2884846-1-ashutoshdesai993@gmail.com> References: <20260510203128.2884846-1-ashutoshdesai993@gmail.com> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Overall Series Review Subject: drm/dp/mst: fix OOB reads on 2-byte fields in sideband reply parse= rs Author: Ashutosh Desai Patches: 1 Reviewed: 2026-05-16T16:05:47.888904 --- This is a single-patch fix for out-of-bounds reads in three DP MST sideband= reply parsers. The core problem is real: when reading 16-bit fields as `(r= aw->msg[idx] << 8) | raw->msg[idx+1]`, the preceding bounds check `idx > ra= w->curlen` only validates the first byte, not the second. The fix =E2=80=94= changing to `idx + 2 > raw->curlen` =E2=80=94 is correct and minimal. However, the patch misses the **same bug** in a fourth function in the same= file, and the commit message slightly overstates the practical consequence= of the OOB read. **Verdict**: The fix itself is correct but incomplete. The same 2-byte read= pattern with insufficient bounds checking exists in `drm_dp_sideband_parse= _resource_status_notify()` at line 1127, which should be fixed in the same = patch (or a follow-up mentioned in the cover letter). --- --- Generated by Claude Code Patch Reviewer