MIME-Version: 1.0
In-Reply-To: <84e9b377-30c6-d0f2-b869-6382d6c9f770@ti.com>
References: <20170325160049.18943-1-giedrius.statkevicius@gmail.com> <84e9b377-30c6-d0f2-b869-6382d6c9f770@ti.com>
From: =?UTF-8?Q?Giedrius_Statkevi=C4=8Dius?= 
        <giedrius.statkevicius@gmail.com>
Date: Sat, 8 Apr 2017 13:55:24 +0300
Message-ID: <CABNMmsBFUoY99JOB-qPR7Dbxn6tOU5ZRcnQc8LqctEW3P=HwUw@mail.gmail.com>
Subject: Re: [PATCH] power: supply: lp8788: prevent out of bounds array access
To: "Kim, Milo" <milo.kim@ti.com>
Cc: sre@kernel.org, linux-pm@vger.kernel.org,
        linux-kernel <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Content-Transfer-Encoding: 8bit
Content-Length: 1299
Lines: 37

Ping.

On Tue, Mar 28, 2017 at 2:23 AM, Kim, Milo <milo.kim@ti.com> wrote:
> On 3/26/2017 1:00 AM, Giedrius Statkevičius wrote:
>>
>> val might become 7 in which case stime[7] (array of length 7) would be
>> accessed during the scnprintf call later and that will cause issues.
>> Obviously, string concatenation is not intended here so just a comma needs
>> to be added to fix the issue.
>>
>> Signed-off-by: Giedrius Statkevičius <giedrius.statkevicius@gmail.com>
>
>
> Acked-by: Milo Kim <milo.kim@ti.com>
>
>
>> ---
>>  drivers/power/supply/lp8788-charger.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/power/supply/lp8788-charger.c
>> b/drivers/power/supply/lp8788-charger.c
>> index 509e2b341bd6..677f7c40b25a 100644
>> --- a/drivers/power/supply/lp8788-charger.c
>> +++ b/drivers/power/supply/lp8788-charger.c
>> @@ -651,7 +651,7 @@ static ssize_t lp8788_show_eoc_time(struct device
>> *dev,
>>  {
>>         struct lp8788_charger *pchg = dev_get_drvdata(dev);
>>         char *stime[] = { "400ms", "5min", "10min", "15min",
>> -                       "20min", "25min", "30min" "No timeout" };
>> +                       "20min", "25min", "30min", "No timeout" };
>>         u8 val;
>>
>>         lp8788_read_byte(pchg->lp, LP8788_CHG_EOC, &val);
>>
>