2016-10-19 16:35:07

by Masahiro Yamada

[permalink] [raw]
Subject: [PATCH] clk: uniphier: fix memory overrun bug

The first loop of this "for" statement writes memory beyond the
allocated clk_hw_onecell_data.

It should be:
for (clk_num--; clk_num >= 0; clk_num--)
...

Or more simply:
while (--clk_num >= 0)
...

Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver")
Signed-off-by: Masahiro Yamada <[email protected]>
---

drivers/clk/uniphier/clk-uniphier-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/clk/uniphier/clk-uniphier-core.c b/drivers/clk/uniphier/clk-uniphier-core.c
index f4e0f6b..84bc465 100644
--- a/drivers/clk/uniphier/clk-uniphier-core.c
+++ b/drivers/clk/uniphier/clk-uniphier-core.c
@@ -79,7 +79,7 @@ static int uniphier_clk_probe(struct platform_device *pdev)
hw_data->num = clk_num;

/* avoid returning NULL for unused idx */
- for (; clk_num >= 0; clk_num--)
+ while (--clk_num >= 0)
hw_data->hws[clk_num] = ERR_PTR(-EINVAL);

for (p = data; p->name; p++) {
--
1.9.1


2016-10-19 20:14:26

by Stephen Boyd

[permalink] [raw]
Subject: Re: [PATCH] clk: uniphier: fix memory overrun bug

On 10/19, Masahiro Yamada wrote:
> The first loop of this "for" statement writes memory beyond the
> allocated clk_hw_onecell_data.
>
> It should be:
> for (clk_num--; clk_num >= 0; clk_num--)
> ...
>
> Or more simply:
> while (--clk_num >= 0)
> ...
>
> Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver")
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---

Applied to clk-fixes

--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project