[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <dd0caac8d0640a12a74721a926144f7a0be1c3a6.1539874459.git.gustavo@embeddedor.com>
Date: Thu, 18 Oct 2018 17:08:29 +0200
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: linux-kernel@...r.kernel.org
Cc: Kishon Vijay Abraham I <kishon@...com>,
Quentin Schulz <quentin.schulz@...tlin.com>,
"Gustavo A. R. Silva" <gustavo@...eddedor.com>
Subject: [PATCH v2 2/2] phy: ocelot-serdes: fix out-of-bounds read
Currently, there is an out-of-bounds read on array ctrl->phys,
once variable i reaches the maximum array size of SERDES_MAX
in the for loop.
Fix this by changing the condition in the for loop from
i <= SERDES_MAX to i < SERDES_MAX.
Addresses-Coverity-ID: 1473966 ("Out-of-bounds read")
Addresses-Coverity-ID: 1473959 ("Out-of-bounds read")
Fixes: 51f6b410fc22 ("phy: add driver for Microsemi Ocelot SerDes muxing")
Reviewed-by: Quentin Schulz <quentin.schulz@...tlin.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
---
Changes in v2:
- Rebase and add Quentin's Reviewed-by to commit log.
drivers/phy/mscc/phy-ocelot-serdes.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/mscc/phy-ocelot-serdes.c b/drivers/phy/mscc/phy-ocelot-serdes.c
index b2be546..cbb49d9 100644
--- a/drivers/phy/mscc/phy-ocelot-serdes.c
+++ b/drivers/phy/mscc/phy-ocelot-serdes.c
@@ -206,7 +206,7 @@ static struct phy *serdes_simple_xlate(struct device *dev,
port = args->args[0];
idx = args->args[1];
- for (i = 0; i <= SERDES_MAX; i++) {
+ for (i = 0; i < SERDES_MAX; i++) {
struct serdes_macro *macro = phy_get_drvdata(ctrl->phys[i]);
if (idx != macro->idx)
@@ -260,7 +260,7 @@ static int serdes_probe(struct platform_device *pdev)
if (IS_ERR(ctrl->regs))
return PTR_ERR(ctrl->regs);
- for (i = 0; i <= SERDES_MAX; i++) {
+ for (i = 0; i < SERDES_MAX; i++) {
ret = serdes_phy_create(ctrl, i, &ctrl->phys[i]);
if (ret)
return ret;
--
2.7.4
Powered by blists - more mailing lists