2021-10-11 16:25:50

by Dan Carpenter

Subject: [PATCH] soc: imx: imx8m-blk-ctrl: off by one in imx8m_blk_ctrl_xlate()

The > comparison should be >= to prevent reading one element beyond the
end of the array. The onecell_data->domains[] array is allocated in
imx8m_blk_ctrl_probe() and it has "onecell_data->num_domains" elements.

Fixes: 5b340e7813d4 ("soc: imx: add i.MX8M blk-ctrl driver")
Signed-off-by: Dan Carpenter <[email protected]>
---
drivers/soc/imx/imx8m-blk-ctrl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/soc/imx/imx8m-blk-ctrl.c b/drivers/soc/imx/imx8m-blk-ctrl.c
index e172d295c441..519b3651d1d9 100644
--- a/drivers/soc/imx/imx8m-blk-ctrl.c
+++ b/drivers/soc/imx/imx8m-blk-ctrl.c
@@ -139,7 +139,7 @@ imx8m_blk_ctrl_xlate(struct of_phandle_args *args, void *data)
unsigned int index = args->args[0];

if (args->args_count != 1 ||
- index > onecell_data->num_domains)
+ index >= onecell_data->num_domains)
return ERR_PTR(-EINVAL);

return onecell_data->domains[index];
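Review bot: `index` is still read from args->args[0] on the first line of the hunk, before args->args_count has been checked, so the value is taken from the specifier even when the count is not 1. The new `>=` bound is correct for an array of num_domains elements (valid indices run from 0 to num_domains - 1, and index is unsigned, so no lower bound is needed). Consider checking args_count first and reading args->args[0] only afterwards, so the two checks appear in the order they depend on.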
--
2.20.1


2021-10-12 08:32:12

by Lucas Stach

Subject: Re: [PATCH] soc: imx: imx8m-blk-ctrl: off by one in imx8m_blk_ctrl_xlate()

Hi Dan,

On Monday, 11.10.2021 at 15:36 +0300, Dan Carpenter wrote:
> The > comparison should be >= to prevent reading one element beyond the
> end of the array. The onecell_data->domains[] array is allocated in
> imx8m_blk_ctrl_probe() and it has "onecell_data->num_domains" elements.

Thanks for the patch! I guess this was found via smatch? I should
really make it a habit to use smatch on my submissions...

> Fixes: 5b340e7813d4 ("soc: imx: add i.MX8M blk-ctrl driver")
> Signed-off-by: Dan Carpenter <[email protected]>

Reviewed-by: Lucas Stach <[email protected]>

> ---
> drivers/soc/imx/imx8m-blk-ctrl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/soc/imx/imx8m-blk-ctrl.c b/drivers/soc/imx/imx8m-blk-ctrl.c
> index e172d295c441..519b3651d1d9 100644
> --- a/drivers/soc/imx/imx8m-blk-ctrl.c
> +++ b/drivers/soc/imx/imx8m-blk-ctrl.c
> @@ -139,7 +139,7 @@ imx8m_blk_ctrl_xlate(struct of_phandle_args *args, void *data)
> unsigned int index = args->args[0];
>
> if (args->args_count != 1 ||
> - index > onecell_data->num_domains)
> + index >= onecell_data->num_domains)
> return ERR_PTR(-EINVAL);
>
> return onecell_data->domains[index];
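Review bot: the final `return onecell_data->domains[index];` hands the slot back unchecked, so the `>=` bound is only sufficient if every entry below num_domains is populated. The commit message says the array is allocated in imx8m_blk_ctrl_probe() with num_domains elements. It would help to state there whether probe also fills every slot, or to reject an empty slot here before returning it.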


2021-10-12 10:14:42

by Dan Carpenter

Subject: Re: [PATCH] soc: imx: imx8m-blk-ctrl: off by one in imx8m_blk_ctrl_xlate()

On Tue, Oct 12, 2021 at 10:29:27AM +0200, Lucas Stach wrote:
> Hi Dan,
>
> On Monday, 11.10.2021 at 15:36 +0300, Dan Carpenter wrote:
> > The > comparison should be >= to prevent reading one element beyond the
> > end of the array. The onecell_data->domains[] array is allocated in
> > imx8m_blk_ctrl_probe() and it has "onecell_data->num_domains" elements.
>
> Thanks for the patch! I guess this was found via smatch? I should
> really make it a habit to use smatch on my submissions...

Yeah, but not from a published check. I have a private check for
off by one errors that warns about any > vs >= comparisons that cannot
be proved as correct.

regards,
dan carpenter

2021-10-15 11:40:45

by Shawn Guo

Subject: Re: [PATCH] soc: imx: imx8m-blk-ctrl: off by one in imx8m_blk_ctrl_xlate()

On Mon, Oct 11, 2021 at 03:36:38PM +0300, Dan Carpenter wrote:
> The > comparison should be >= to prevent reading one element beyond the
> end of the array. The onecell_data->domains[] array is allocated in
> imx8m_blk_ctrl_probe() and it has "onecell_data->num_domains" elements.
>
> Fixes: 5b340e7813d4 ("soc: imx: add i.MX8M blk-ctrl driver")
> Signed-off-by: Dan Carpenter <[email protected]>

Applied, thanks!