[PATCH] PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop

From: Andrzej Hajda
Date: Mon Feb 20 2017 - 13:59:10 EST


Reading array at given index before checking if index is valid results in
illegal memory access.

The bug was detected using KASAN framework.

Signed-off-by: Andrzej Hajda <a.hajda@xxxxxxxxxxx>
---
drivers/base/power/opp/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 91ec323..dae6172 100644
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
* The caller needs to ensure that opp_table (and hence the regulator)
* isn't freed, while we are executing this routine.
*/
- for (i = 0; reg = regulators[i], i < count; i++) {
+ for (i = 0; i < count; i++) {
+ reg = regulators[i];
ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
if (ret > 0)
latency_ns += ret * 1000;
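Review bot: the commit message should spell out which read is out of bounds, because "off-by-one" alone does not show it. In the removed condition `reg = regulators[i], i < count` the comma operator evaluates the array read before the bound test, so the terminating pass with i == count reads regulators[count], one element past the last valid index, even though the loop body never runs with that value. Moving the read to `reg = regulators[i];` as the first statement of the body is the right fix, since it now executes only after `i < count` has held. Consider adding a Fixes: tag naming the commit that introduced the comma-expression condition, so the change can be picked up for any stable trees that carry it.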
--
2.7.4