From patchwork Mon Jan 16 14:16:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Alexey V. Vissarionov" X-Patchwork-Id: 643369 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12185C63797 for ; Mon, 16 Jan 2023 14:39:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231376AbjAPOji (ORCPT ); Mon, 16 Jan 2023 09:39:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230466AbjAPOjR (ORCPT ); Mon, 16 Jan 2023 09:39:17 -0500 Received: from air.basealt.ru (air.basealt.ru [194.107.17.39]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A6B45AB74; Mon, 16 Jan 2023 06:17:40 -0800 (PST) Received: by air.basealt.ru (Postfix, from userid 490) id 351C02F20230; Mon, 16 Jan 2023 14:17:00 +0000 (UTC) Received: from localhost (broadband-188-32-10-232.ip.moscow.rt.ru [188.32.10.232]) by air.basealt.ru (Postfix) with ESMTPSA id 9612F2F2022E; Mon, 16 Jan 2023 14:16:58 +0000 (UTC) Date: Mon, 16 Jan 2023 17:16:58 +0300 From: "Alexey V. Vissarionov" To: Krzysztof Kozlowski Cc: Alim Akhtar , Greg Kroah-Hartman , Jiri Slaby , Thomas Abraham , Kukjin Kim , linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org, linux-serial@vger.kernel.org, lvc-project@linuxtesting.org, gremlin@altlinux.org Subject: [PATCH] serial: samsung: fix buffer size for clk_name Message-ID: <20230116141658.GC8107@altlinux.org> MIME-Version: 1.0 Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: linux-serial@vger.kernel.org Although very unlikely, the 'clk_num' value may be as big as 2**32 - 1 (uint32_max), so the buffer should have enough space for storing "clk_uart_baud4294967295\0". Also, the numbers in clk_name are expected to be unsigned. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev based clock lookup") Signed-off-by: Alexey V. Vissarionov diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c index 0fce856434dafd80..2c701dc7c6a37191 100644 --- a/drivers/tty/serial/samsung_tty.c +++ b/drivers/tty/serial/samsung_tty.c @@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level, * */ -#define MAX_CLK_NAME_LENGTH 15 +#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */ static inline int s3c24xx_serial_getsource(struct uart_port *port) { @@ -1457,7 +1457,7 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport, !(ourport->cfg->clk_sel & (1 << cnt))) continue; - sprintf(clkname, "clk_uart_baud%d", cnt); + sprintf(clkname, "clk_uart_baud%u", cnt); clk = clk_get(ourport->port.dev, clkname); if (IS_ERR(clk)) continue; @@ -1957,7 +1957,7 @@ static int s3c24xx_serial_enable_baudclk(struct s3c24xx_uart_port *ourport) if (!(clk_sel & (1 << clk_num))) continue; - sprintf(clk_name, "clk_uart_baud%d", clk_num); + sprintf(clk_name, "clk_uart_baud%u", clk_num); clk = clk_get(dev, clk_name); if (IS_ERR(clk)) continue; @@ -2522,7 +2522,7 @@ s3c24xx_serial_get_options(struct uart_port *port, int *baud, /* now calculate the baud rate */ clk_sel = s3c24xx_serial_getsource(port); - sprintf(clk_name, "clk_uart_baud%d", clk_sel); + sprintf(clk_name, "clk_uart_baud%u", clk_sel); clk = clk_get(port->dev, clk_name); if (!IS_ERR(clk))