Re: [PATCH] soc: imx: imx8m-blk-ctrl: off by one in imx8m_blk_ctrl_xlate()

From: Lucas Stach
Date: Tue Oct 12 2021 - 04:29:50 EST


Hi Dan,

On Monday, 11.10.2021 at 15:36 +0300, Dan Carpenter wrote:
> The > comparison should be >= to prevent reading one element beyond the
> end of the array. The onecell_data->domains[] array is allocated in
> imx8m_blk_ctrl_probe() and it has "onecell_data->num_domains" elements.

Thanks for the patch! I guess this was found via smatch? I should
really make it a habit to use smatch on my submissions...

> Fixes: 5b340e7813d4 ("soc: imx: add i.MX8M blk-ctrl driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Reviewed-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx>

> ---
> drivers/soc/imx/imx8m-blk-ctrl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/soc/imx/imx8m-blk-ctrl.c b/drivers/soc/imx/imx8m-blk-ctrl.c
> index e172d295c441..519b3651d1d9 100644
> --- a/drivers/soc/imx/imx8m-blk-ctrl.c
> +++ b/drivers/soc/imx/imx8m-blk-ctrl.c
> @@ -139,7 +139,7 @@ imx8m_blk_ctrl_xlate(struct of_phandle_args *args, void *data)
> unsigned int index = args->args[0];
>
> if (args->args_count != 1 ||
> - index > onecell_data->num_domains)
> + index >= onecell_data->num_domains)
> return ERR_PTR(-EINVAL);
>
> return onecell_data->domains[index];
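
Review bot: In imx8m_blk_ctrl_xlate(), index is initialised from args->args[0] at the top of the function, before the args->args_count != 1 test has run, so when args_count is 0 the value being compared against num_domains is not a cell the caller actually supplied. The function still returns -EINVAL in that case because the || short-circuits on the count check, so this is not a functional problem, but assigning index only after the count has been validated would make the ordering explicit and keep the bounds check from ever operating on an unvalidated cell. The changed comparison itself is consistent with the commit message: domains[] has num_domains elements, so the valid indices are 0 through num_domains - 1 and index == num_domains must be rejected before the domains[index] read on the last line.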