Re: [PATCH] pinctrl: microchip: fix array overflow
From: Linus Walleij
Date: Tue Mar 30 2021 - 05:06:08 EST
On Sun, Mar 28, 2021 at 7:18 PM Lars Povlsen <lars.povlsen@xxxxxxxxxxxxx> wrote:
> Linus Walleij writes:
>
> > On Tue, Mar 23, 2021 at 2:10 PM Arnd Bergmann <arnd@xxxxxxxxxx> wrote:
> >
> >> From: Arnd Bergmann <arnd@xxxxxxxx>
> >>
> >> Building with 'make W=1' shows an array overflow:
> >>
> >> drivers/pinctrl/pinctrl-microchip-sgpio.c: In function 'microchip_sgpio_irq_settype':
> >> drivers/pinctrl/pinctrl-microchip-sgpio.c:154:39: error: array subscript 10 is above array bounds of 'const u8[10]' {aka 'const unsigned char[10]'} [-Werror=array-bounds]
> >> 154 | u32 regoff = priv->properties->regoff[rno] + off;
> >> | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~
> >> drivers/pinctrl/pinctrl-microchip-sgpio.c:55:5: note: while referencing 'regoff'
> >> 55 | u8 regoff[MAXREG];
> >> | ^~~~~~
> >>
> >> It's not clear to me what was meant here, my best guess is that the
> >> offset should have been applied to the third argument instead of the
> >> second.
> >>
> >> Fixes: be2dc859abd4 ("pinctrl: pinctrl-microchip-sgpio: Add irq support (for sparx5)")
> >> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> >
> > Patch applied.
> >
> > Yours,
> > Linus Walleij
>
> I don't understand - I submitted a fix for this already in February
> (reported by Gustavo). It took some time for you to get it ack'ed - but
> you did (Feb 1st).
>
> Did it end up getting dropped?

No, I ended up with your fix in fixes, then forgot about it and applied
Arnd's fix to devel (for-next) and ended up getting a conflict in my
face.

Last night I rebased devel, dropped Arnd's patch and thus solved
the conflict.

Yours,
Linus Walleij