| Message ID | 17dce071-21ef-49f5-be45-f93bbf3642ec@moroto.mountain (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | bus: stm32_firewall: fix off by one in stm32_firewall_get_firewall() | expand |
Hi Dan, On 4/12/24 10:25, Dan Carpenter wrote: > The "nb_firewall" variable is the number of elements in the firewall[] > array, which is allocated in stm32_firewall_populate_bus(). So change > this > comparison to >= to prevent an out of bound access. > > Fixes: 5c9668cfc6d7 ("firewall: introduce stm32_firewall framework") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > drivers/bus/stm32_firewall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c > index decb79449047..2fc9761dadec 100644 > --- a/drivers/bus/stm32_firewall.c > +++ b/drivers/bus/stm32_firewall.c > @@ -53,7 +53,7 @@ int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *f > return err; > } > > - if (j > nb_firewall) { > + if (j >= nb_firewall) { > pr_err("Too many firewall controllers"); > of_node_put(provider); > return -EINVAL; Thank you. Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Hi Dan On 4/12/24 10:25, Dan Carpenter wrote: > The "nb_firewall" variable is the number of elements in the firewall[] > array, which is allocated in stm32_firewall_populate_bus(). So change > this > comparison to >= to prevent an out of bound access. > > Fixes: 5c9668cfc6d7 ("firewall: introduce stm32_firewall framework") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > drivers/bus/stm32_firewall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c > index decb79449047..2fc9761dadec 100644 > --- a/drivers/bus/stm32_firewall.c > +++ b/drivers/bus/stm32_firewall.c > @@ -53,7 +53,7 @@ int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *f > return err; > } > > - if (j > nb_firewall) { > + if (j >= nb_firewall) { > pr_err("Too many firewall controllers"); > of_node_put(provider); > return -EINVAL; Applied on stm32-next. Regards Alex
diff --git a/drivers/bus/stm32_firewall.c b/drivers/bus/stm32_firewall.c index decb79449047..2fc9761dadec 100644 --- a/drivers/bus/stm32_firewall.c +++ b/drivers/bus/stm32_firewall.c @@ -53,7 +53,7 @@ int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *f return err; } - if (j > nb_firewall) { + if (j >= nb_firewall) { pr_err("Too many firewall controllers"); of_node_put(provider); return -EINVAL;
The "nb_firewall" variable is the number of elements in the firewall[] array, which is allocated in stm32_firewall_populate_bus(). So change this > comparison to >= to prevent an out of bound access. Fixes: 5c9668cfc6d7 ("firewall: introduce stm32_firewall framework") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/bus/stm32_firewall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)