From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: drm/radeon: Fix OOB read in MC register table init
Date: Thu, 04 Jun 2026 16:32:17 +1000
Message-ID:
In-Reply-To: <20260529121436.1633842-1-n.zhandarovich@fintech.ru>
References: <20260529121436.1633842-1-n.zhandarovich@fintech.ru>
	<20260529121436.1633842-1-n.zhandarovich@fintech.ru>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Patch Review

**Problem analysis:** In `radeon_atom_init_mc_reg_table()`, the inner `for` loop at line 4029 iterates `i` starting from 0. When `pre_reg_data` has `DATA_EQU_PREV` set for the first entry (`i == 0`), the code accesses `mc_data[i - 1]` which underflows to `mc_data[-1]` — a clear out-of-bounds read.

**Fix analysis:** The patch adds:

```c
if (i == 0)
	continue;
```

at line 4035-4036, before the `mc_data[i - 1]` access. This is correct:

1. **`continue` targets the right loop.** The innermost enclosing loop is the `for (i = 0, j = 1; i < reg_table->last; i++)` at line 4029. The `continue` skips the copy for entry 0 and advances `i`, which is the desired behavior — leaving `mc_data[0]` uninitialized for this case is acceptable since `DATA_EQU_PREV` on the first entry is a malformed table condition with no meaningful "previous" value to copy.

2. **Exact match to the amdgpu fix.** The amdgpu equivalent at `amdgpu_atombios.c:1525-1526` uses the identical pattern (`if (i == 0) continue;`), so this is consistent across both drivers.

3. **No side effects on `j`.** The `j` index is only incremented in the `DATA_FROM_TABLE` branch, not the `DATA_EQU_PREV` branch, so skipping via `continue` doesn't desynchronize the data pointer.

4. **Fixes tag and stable tag are appropriate.** The Fixes tag points to the original commit that introduced this code path (`ae5b0abbb6f7`), and the `Cc: stable` is warranted since this is a real OOB read.

**Minor note:** The commit message mentions "Emulate a fix" — the wording is slightly odd ("apply the same fix as" would be more natural), but this is cosmetic and not worth a respin.

**Reviewed-by worthy.** No issues found.

---
Generated by Claude Code Patch Reviewer
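
The guard from points 1 and 3 of the review above, as an added example that is not part of the review or of the radeon driver: a user-space model of the fill loop showing that the `i == 0` skip avoids the `mc_data[-1]` read and leaves `j` in step. The struct layout, the `model_` names, the flag values and the `reg_words` length check are assumptions made for this model.

```c
#include <stddef.h>
#include <stdint.h>

/* Placeholder flag values for this model; the driver headers define the real ones. */
enum { DATA_FROM_TABLE = 1, DATA_EQU_PREV = 2 };
#define MODEL_MAX_REGS 8

struct model_reg_table {                   /* hypothetical, simplified layout */
    uint8_t  pre_reg_data[MODEL_MAX_REGS]; /* where each register's value comes from */
    uint32_t mc_data[MODEL_MAX_REGS];      /* decoded values for one table entry */
    size_t   last;                         /* number of registers in use */
};

/*
 * Fill one entry from reg_data, consuming words from j = 1 as in the loop
 * header quoted in the review. Returns the final j, or 0 if the table does
 * not fit reg_words (that length check is a model-only addition).
 */
size_t model_fill_entry(struct model_reg_table *t,
                        const uint32_t *reg_data, size_t reg_words)
{
    size_t i, j;

    if (t->last > MODEL_MAX_REGS)
        return 0;
    for (i = 0, j = 1; i < t->last; i++) {
        if (t->pre_reg_data[i] == DATA_FROM_TABLE) {
            if (j >= reg_words)
                return 0;
            t->mc_data[i] = reg_data[j];
            j++;                 /* only this branch consumes a data word */
        } else if (t->pre_reg_data[i] == DATA_EQU_PREV) {
            if (i == 0)
                continue;        /* no previous slot: skip, never read mc_data[-1] */
            t->mc_data[i] = t->mc_data[i - 1];
        }
    }
    return j;
}

int main(void)
{
    /* Constructed input: the first register is a malformed DATA_EQU_PREV. */
    struct model_reg_table t = {
        .pre_reg_data = { DATA_EQU_PREV, DATA_FROM_TABLE, DATA_EQU_PREV },
        .last = 3,
    };
    const uint32_t reg_data[] = { 0x0, 0x11 };
    return model_fill_entry(&t, reg_data, 2) == 2 ? 0 : 1;
}
```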