[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210510125523.1271237-10-aardelean@deviqon.com>
Date: Mon, 10 May 2021 15:55:21 +0300
From: Alexandru Ardelean <aardelean@...iqon.com>
To: linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: jic23@...nel.org, Jonathan.Cameron@...wei.com,
alexandru.tachici@...log.com, linux@...iqon.com,
Alexandru Ardelean <ardeleanalex@...il.com>
Subject: [PATCH 09/11] iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
From: Jonathan Cameron <Jonathan.Cameron@...wei.com>
Channel numbering must start at 0 and then not have any holes, or
it is possible to overflow the available storage. Note this bug was
introduced as part of a fix to ensure we didn't rely on the ordering
of child nodes. So we need to support arbitrary ordering but they all
need to be there somewhere.
Note I hit this when using qemu to test the rest of this series.
Arguably this isn't the best fix, but it is probably the most minimal
option for backporting etc.
Fixes: d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration")
Reviewed-by: Alexandru Ardelean <ardeleanalex@...il.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@...wei.com>
---
drivers/iio/adc/ad7124.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c
index 437116a07cf1..a27db78ea13e 100644
--- a/drivers/iio/adc/ad7124.c
+++ b/drivers/iio/adc/ad7124.c
@@ -771,6 +771,13 @@ static int ad7124_of_parse_channel_config(struct iio_dev *indio_dev,
if (ret)
goto err;
+ if (channel >= indio_dev->num_channels) {
+ dev_err(indio_dev->dev.parent,
+ "Channel index >= number of channels\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
ret = of_property_read_u32_array(child, "diff-channels",
ain, 2);
if (ret)
--
2.31.1
Powered by blists - more mailing lists