Re: [PATCH] regmap: kunit: Fix array overflow in stride() test
From: Guenter Roeck
Date: Fri May 17 2024 - 12:54:30 EST
On Fri, May 17, 2024 at 03:47:03PM +0100, Richard Fitzgerald wrote:
> Force the max_register of the test regmap to be one register longer
> than the number of test registers, to prevent an array overflow in
> the test loop.
>
> The test defines num_reg_defaults = 6. With 6 registers and
> stride == 2 the valid register addresses would be 0, 2, 4, 6, 8, 10.
> However the loop checks attempting to access the odd address, so on
> the final register it accesses address 11, and it writes entry [11]
> of the read/written arrays.
>
> Originally this worked because the max_register of the regmap was
> hardcoded to be BLOCK_TEST_SIZE (== 12).
>
> commit 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero
> register addresses")
> introduced the ability to start the test address range from any address,
> which means adjusting the max_register. If max_register was not forced,
> it was calculated either from num_reg_defaults or BLOCK_TEST_SIZE. This
> correctly calculated that with num_reg_defaults == 6 and stride == 2 the
> final valid address is 10. So the read/written arrays are allocated to
> contain entries [0..10]. When stride attempted to access [11] it was
> overflowing the array.
>
> Signed-off-by: Richard Fitzgerald <rf@xxxxxxxxxxxxxxxxxxxxx>
> Fixes: 710915743d53 ("regmap: kunit: Run sparse cache tests at non-zero register addresses")
Tested-by: Guenter Roeck <linux@xxxxxxxxxxxx>