In this function, the param 'idx' may be
equal to 'DW_WDT_NUM_TOPS'.
At this time, the array 'dw_wdt->timeouts'
may be out of bound
Signed-off-by: zhangyue <[email protected]>
---
drivers/watchdog/dw_wdt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/watchdog/dw_wdt.c b/drivers/watchdog/dw_wdt.c
index cd578843277e..15fb1895c085 100644
--- a/drivers/watchdog/dw_wdt.c
+++ b/drivers/watchdog/dw_wdt.c
@@ -155,6 +155,9 @@ static unsigned int dw_wdt_get_min_timeout(struct dw_wdt *dw_wdt)
break;
}
+ if (idx == DW_WDT_NUM_TOPS)
+ return 1;
+
return dw_wdt->timeouts[idx].sec;
}
--
2.30.0
On 12/12/21 7:34 PM, zhangyue wrote:
> In this function, the param 'idx' may be
> equal to 'DW_WDT_NUM_TOPS'.
> At this time, the array 'dw_wdt->timeouts'
> may be out of bound
>
> Signed-off-by: zhangyue <[email protected]>
> ---
> drivers/watchdog/dw_wdt.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/watchdog/dw_wdt.c b/drivers/watchdog/dw_wdt.c
> index cd578843277e..15fb1895c085 100644
> --- a/drivers/watchdog/dw_wdt.c
> +++ b/drivers/watchdog/dw_wdt.c
> @@ -155,6 +155,9 @@ static unsigned int dw_wdt_get_min_timeout(struct dw_wdt *dw_wdt)
> break;
> }
>
> + if (idx == DW_WDT_NUM_TOPS)
> + return 1;
> +
Please look at the code (and the comments) more closely.
This can not happen.
Guenter