From patchwork Wed Jul 15 12:13:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cristian Marussi X-Patchwork-Id: 11665215 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 783B113B4 for ; Wed, 15 Jul 2020 12:13:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 67DAA2065D for ; Wed, 15 Jul 2020 12:13:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727790AbgGOMNw (ORCPT ); Wed, 15 Jul 2020 08:13:52 -0400 Received: from foss.arm.com ([217.140.110.172]:50084 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726437AbgGOMNw (ORCPT ); Wed, 15 Jul 2020 08:13:52 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 582E230E; Wed, 15 Jul 2020 05:13:51 -0700 (PDT) Received: from e119603-lin.cambridge.arm.com (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AACF93F66E; Wed, 15 Jul 2020 05:13:49 -0700 (PDT) Date: Wed, 15 Jul 2020 13:13:38 +0100 From: Cristian Marussi To: linux-kernel@vger.kernel.org, linux-hwmon@vger.kernel.org Cc: jdelvare@suse.com, linux@roeck-us.net, cristian.marussi@arm.com, sudeep.holla@arm.com Subject: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Message-ID: <20200715121338.GA18761@e119603-lin.cambridge.arm.com> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email 2.17.1 User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-hwmon-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-hwmon@vger.kernel.org SMATCH detected a potential buffer overflow in the manipulation of hwmon_attributes array inside the scmi_hwmon_probe function: drivers/hwmon/scmi-hwmon.c:226 scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9 Fix it by statically declaring the size of the array as the maximum possible as defined by hwmon_max define. Signed-off-by: Cristian Marussi Reviewed-by: Sudeep Holla --- drivers/hwmon/scmi-hwmon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c index 281454c5c5b1..758f66fc9afe 100644 --- a/drivers/hwmon/scmi-hwmon.c +++ b/drivers/hwmon/scmi-hwmon.c @@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = { [ENERGY] = hwmon_energy, }; -static u32 hwmon_attributes[] = { +static u32 hwmon_attributes[hwmon_max] = { [hwmon_chip] = HWMON_C_REGISTER_TZ, [hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL, [hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,