Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access

From: Pratyush Yadav
Date: Mon Feb 15 2021 - 10:20:34 EST


On 12/02/21 04:47PM, Mathieu Dubois-Briand wrote:
> Fix array index: explicitly use the array length to access the last
> element, instead of an incorrectly set iteration variable.
>
> It seems this code was correct before the following commit, where the
> iteration counter is reused, leading to a value that may be out of
> bounds.
> Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
> current map conf")
>
> Signed-off-by: Mathieu Dubois-Briand <mbriand@xxxxxxxxxxx>
> ---
> drivers/mtd/spi-nor/sfdp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
> index 6ee7719e5903..11cc5d19e286 100644
> --- a/drivers/mtd/spi-nor/sfdp.c
> +++ b/drivers/mtd/spi-nor/sfdp.c
> @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
> if (!(regions_erase_type & BIT(erase[i].idx)))
> spi_nor_set_erase_type(&erase[i], 0, 0xFF);
>
> - spi_nor_region_mark_end(&region[i - 1]);
> + spi_nor_region_mark_end(&region[region_count - 1]);

I'm not too familiar with the non-uniform erase code but this looks good
at first look. Small nitpick: move this line just after the above for
loop that initializes this array.

>
> return 0;
> }
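
Review bot: In the added line `spi_nor_region_mark_end(&region[region_count - 1]);` the index is only in bounds when region_count is at least 1, and nothing in the visible context shows that this is guaranteed by the time this call runs. If an earlier check in the function already rejects a zero count, a short comment here saying so would help; otherwise add an explicit check before the call. Indexing by region_count rather than `i` is the right direction, since in the context lines above `i` is used to index `erase[]` and so no longer tracks the region array.
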
> --
> 2.25.1

--
Regards,
Pratyush Yadav
Texas Instruments Inc.