From e3e39fb8b5dd0dca82b20b38be2e9c04f08befde Mon Sep 17 00:00:00 2001
From: msaitoh <msaitoh@NetBSD.org>
Date: Tue, 7 Jan 2020 13:51:38 +0000
Subject: [PATCH]  Don't call memcpy() when the length is 0 (and the source
 pointer is NULL) in radeon_dp_aux_transfer_atom() to avoid undefined
 behavior. Found by kUBSan.

---
 .../bsd/drm2/dist/drm/radeon/radeon_atombios_dp.c        | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sys/external/bsd/drm2/dist/drm/radeon/radeon_atombios_dp.c b/sys/external/bsd/drm2/dist/drm/radeon/radeon_atombios_dp.c
index 9cb1509b8ffe..15fc2ac501da 100644
--- a/sys/external/bsd/drm2/dist/drm/radeon/radeon_atombios_dp.c
+++ b/sys/external/bsd/drm2/dist/drm/radeon/radeon_atombios_dp.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: radeon_atombios_dp.c,v 1.1 2018/08/27 14:38:20 riastradh Exp $	*/
+/*	$NetBSD: radeon_atombios_dp.c,v 1.2 2020/01/07 13:51:38 msaitoh Exp $	*/
 
 /*
  * Copyright 2007-8 Advanced Micro Devices, Inc.
@@ -27,7 +27,7 @@
  *          Jerome Glisse
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: radeon_atombios_dp.c,v 1.1 2018/08/27 14:38:20 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: radeon_atombios_dp.c,v 1.2 2020/01/07 13:51:38 msaitoh Exp $");
 
 #include <drm/drmP.h>
 #include <drm/radeon_drm.h>
@@ -196,9 +196,10 @@ radeon_dp_aux_transfer_atom(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg)
 		tx_size = HEADER_SIZE + msg->size;
 		if (msg->size == 0)
 			tx_buf[3] |= BARE_ADDRESS_SIZE << 4;
-		else
+		else {
 			tx_buf[3] |= tx_size << 4;
-		memcpy(tx_buf + HEADER_SIZE, msg->buffer, msg->size);
+			memcpy(tx_buf + HEADER_SIZE, msg->buffer, msg->size);
+		}
 		ret = radeon_process_aux_ch(chan,
 					    tx_buf, tx_size, NULL, 0, delay, &ack);
 		if (ret >= 0)