Message ID | 20210118113651.71955-1-colin.king@canonical.com |
---|---|
State | Accepted |
Commit | e6393818c8d13cb602af4850bcef47ead1455bbf |
Headers | show |
Series | soc: qcom: socinfo: Fix off-by-one array index bounds check | expand |
There was a second one introduced recently as well. I've sent a patch for it. regards, dan carpenter
Hi, On Wed, Jan 20, 2021 at 1:58 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > These need to be < ARRAY_SIZE() instead of <= ARRAY_SIZE() to prevent > accessing one element beyond the end of the array. > > Fixes: e9247e2ce577 ("soc: qcom: socinfo: fix printing of pmic_model") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > drivers/soc/qcom/socinfo.c | 2 +- > 1 file changed, 1 insertions(+), 1 deletions(-) Reviewed-by: Douglas Anderson <dianders@chromium.org>
On Wed, 20 Jan 2021 at 12:58, Dan Carpenter <dan.carpenter@oracle.com> wrote: > > These need to be < ARRAY_SIZE() instead of <= ARRAY_SIZE() to prevent > accessing one element beyond the end of the array. > > Fixes: e9247e2ce577 ("soc: qcom: socinfo: fix printing of pmic_model") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> -- With best wishes Dmitry
Hello: This patch was applied to qcom/linux.git (refs/heads/for-next): On Mon, 18 Jan 2021 11:36:51 +0000 you wrote: > From: Colin Ian King <colin.king@canonical.com> > > There is an off-by-one array index bounds check on array > pmic_models. Fix this by checking using < rather than <= on > the array size. > > Addresses-Coverity: ("Out-of-bounds read") > Fixes: 734c78e7febf ("soc: qcom: socinfo: add info from PMIC models array") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > [...] Here is the summary with links: - soc: qcom: socinfo: Fix off-by-one array index bounds check https://git.kernel.org/qcom/c/e6393818c8d1 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c index a985ed064669..f449df560d93 100644 --- a/drivers/soc/qcom/socinfo.c +++ b/drivers/soc/qcom/socinfo.c @@ -332,7 +332,7 @@ static int qcom_show_pmic_model_array(struct seq_file *seq, void *p) unsigned int model = SOCINFO_MINOR(get_unaligned_le32(ptr + 2 * i * sizeof(u32))); unsigned int die_rev = get_unaligned_le32(ptr + (2 * i + 1) * sizeof(u32)); - if (model <= ARRAY_SIZE(pmic_models) && pmic_models[model]) + if (model < ARRAY_SIZE(pmic_models) && pmic_models[model]) seq_printf(seq, "%s %u.%u\n", pmic_models[model], SOCINFO_MAJOR(le32_to_cpu(die_rev)), SOCINFO_MINOR(le32_to_cpu(die_rev)));