1. Patchew
  2. linux
  3. [PATCH v1 0/5] gpu: nova-core: use checked arithmetic for firmware parsing robustness
  4. View patch

[PATCH v1 3/5] gpu: nova-core: use checked arithmetic in frombytes_at helper

Joel Fernandes posted 5 patches 2 weeks, 1 day ago
There is a newer version of this series
[PATCH v1 3/5] gpu: nova-core: use checked arithmetic in frombytes_at helper
Posted by Joel Fernandes 2 weeks, 1 day ago 
Use checked_add() when computing the end offset in the frombytes_at()
helper function. This function is called with firmware-provided offsets.

Signed-off-by: Joel Fernandes <joelagnelf@nvidia.com>
---
 drivers/gpu/nova-core/firmware/booter.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/nova-core/firmware/booter.rs b/drivers/gpu/nova-core/firmware/booter.rs
index f5ad619dc055..1e2b2efe838f 100644
--- a/drivers/gpu/nova-core/firmware/booter.rs
+++ b/drivers/gpu/nova-core/firmware/booter.rs
@@ -43,8 +43,9 @@
 /// Local convenience function to return a copy of `S` by reinterpreting the bytes starting at
 /// `offset` in `slice`.
 fn frombytes_at<S: FromBytes + Sized>(slice: &[u8], offset: usize) -> Result<S> {
+    let end = offset.checked_add(size_of::<S>()).ok_or(EINVAL)?;
     slice
-        .get(offset..offset + size_of::<S>())
+        .get(offset..end)
         .and_then(S::from_bytes_copy)
         .ok_or(EINVAL)
 }
-- 
2.34.1
Re: [PATCH v1 3/5] gpu: nova-core: use checked arithmetic in frombytes_at helper
Posted by Zhi Wang 1 week, 6 days ago 
On Sat, 24 Jan 2026 18:18:28 -0500
Joel Fernandes <joelagnelf@nvidia.com> wrote:

> Use checked_add() when computing the end offset in the frombytes_at()
> helper function. This function is called with firmware-provided offsets.
> 
> Signed-off-by: Joel Fernandes <joelagnelf@nvidia.com>
> ---
>  drivers/gpu/nova-core/firmware/booter.rs | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/nova-core/firmware/booter.rs
> b/drivers/gpu/nova-core/firmware/booter.rs index
> f5ad619dc055..1e2b2efe838f 100644 ---
> a/drivers/gpu/nova-core/firmware/booter.rs +++
> b/drivers/gpu/nova-core/firmware/booter.rs @@ -43,8 +43,9 @@
>  /// Local convenience function to return a copy of `S` by
> reinterpreting the bytes starting at /// `offset` in `slice`.
>  fn frombytes_at<S: FromBytes + Sized>(slice: &[u8], offset: usize) ->
> Result<S> {
> +    let end = offset.checked_add(size_of::<S>()).ok_or(EINVAL)?;
>      slice
> -        .get(offset..offset + size_of::<S>())
> +        .get(offset..end)
>          .and_then(S::from_bytes_copy)
>          .ok_or(EINVAL)
>  }

Reviewed-by: Zhi Wang <zhiw@nvidia.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.