lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aYmsu8qREppwBESH@stanley.mountain>
Date: Mon, 9 Feb 2026 12:45:31 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: André Draszik <andre.draszik@...aro.org>
Cc: André Draszik <andre.draszik@...aro.org>,
	linux-samsung-soc@...r.kernel.org,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: [bug report] regulator: s2mps11: add S2MPG10 regulator

[ Smatch checking is paused while we raise funding. #SadFace
  https://lore.kernel.org/all/aTaiGSbWZ9DJaGo7@stanley.mountain/ -dan ]

Hello André Draszik,

Commit a2b8b9f33ce3 ("regulator: s2mps11: add S2MPG10 regulator")
from Jan 22, 2026 (linux-next), leads to the following Smatch static
checker warning:

	drivers/regulator/s2mps11.c:483 s2mpg10_of_parse_cb()
	warn: off by one 'ext_control' == ARRAY_SIZE()?

drivers/regulator/s2mps11.c
    458         if (of_property_read_u32(np, "samsung,ext-control", &ext_control))
    459                 return 0;
    460 
    461         switch (s2mps11->dev_type) {
    462         case S2MPG10:
    463                 switch (desc->id) {
    464                 case S2MPG10_BUCK1 ... S2MPG10_BUCK7:
    465                 case S2MPG10_BUCK10:
    466                 case S2MPG10_LDO3 ... S2MPG10_LDO19:
    467                         if (ext_control > S2MPG10_EXTCTRL_TCXO_ON2)
    468                                 return -EINVAL;
    469                         break;
    470 
    471                 case S2MPG10_LDO20:
    472                         if (ext_control < S2MPG10_EXTCTRL_LDO20M_EN2 ||
    473                             ext_control > S2MPG10_EXTCTRL_LDO20M_EN)
    474                                 return -EINVAL;
    475                         break;
    476 
    477                 default:
    478                         return -EINVAL;
    479                 }
    480 
    481                 if (ext_control > ARRAY_SIZE(ext_control_s2mpg10))

This should be >= ARRAY_SIZE().  Although the earlier checks prevent an
out of bounds access, it's still worth fixing the sanity check.

    482                         return -EINVAL;
--> 483                 ext_control = ext_control_s2mpg10[ext_control];
    484                 break;
    485 
    486         case S2MPG11:
    487                 switch (desc->id) {
    488                 case S2MPG11_BUCK1 ... S2MPG11_BUCK3:

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ