linux-iio.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jonathan Cameron <jic23@kernel.org>
To: linux-iio@vger.kernel.org
Cc: Lars-Peter Clausen <lars@metafoo.de>,
	alexandru.tachici@analog.com,
	Alexandru Ardelean <ardeleanalex@gmail.com>,
	Jonathan Cameron <Jonathan.Cameron@huawei.com>
Subject: [PATCH 2/3] iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Date: Sat,  8 May 2021 19:23:18 +0100	[thread overview]
Message-ID: <20210508182319.488551-3-jic23@kernel.org> (raw)
In-Reply-To: <20210508182319.488551-1-jic23@kernel.org>

From: Jonathan Cameron <Jonathan.Cameron@huawei.com>

Channel numbering must start at 0 and then not have any holes, or
it is possible to overflow the available storage.  Note this bug was
introduced as part of a fix to ensure we didn't rely on the ordering
of child nodes.  So we need to support arbitrary ordering but they all
need to be there somewhere.

Note I hit this when using qemu to test the rest of this series.
Arguably this isn't the best fix, but it is probably the most minimal
option for backporting etc.

Fixes: d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---
 drivers/iio/adc/ad7124.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c
index c0d0870a29ff..9c2401c5848e 100644
--- a/drivers/iio/adc/ad7124.c
+++ b/drivers/iio/adc/ad7124.c
@@ -616,6 +616,13 @@ static int ad7124_of_parse_channel_config(struct iio_dev *indio_dev,
 		if (ret)
 			goto err;
 
+		if (channel >= indio_dev->num_channels) {
+			dev_err(indio_dev->dev.parent,
+				"Channel index >= number of channels\n");
+			ret = -EINVAL;
+			goto err;
+		}
+
 		ret = of_property_read_u32_array(child, "diff-channels",
 						 ain, 2);
 		if (ret)
-- 
2.31.1


  parent reply	other threads:[~2021-05-08 18:24 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-08 18:23 [PATCH 0/3] iio: adc: ad7124: Fixes and devm_ for all of probe Jonathan Cameron
2021-05-08 18:23 ` [PATCH 1/3] iio: adc: ad7124: Fix missbalanced regulator enable / disable on error Jonathan Cameron
2021-05-09  7:20   ` Alexandru Ardelean
2021-05-08 18:23 ` Jonathan Cameron [this message]
2021-05-09  7:22   ` [PATCH 2/3] iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Alexandru Ardelean
2021-05-08 18:23 ` [PATCH 3/3] iio: adc: ad7124: Use devm_ managed calls for all of probe() + drop remove() Jonathan Cameron
2021-05-09  7:30   ` Alexandru Ardelean
2021-05-09  7:31 ` [PATCH 0/3] iio: adc: ad7124: Fixes and devm_ for all of probe Alexandru Ardelean
2021-05-09  9:35   ` Jonathan Cameron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210508182319.488551-3-jic23@kernel.org \
    --to=jic23@kernel.org \
    --cc=Jonathan.Cameron@huawei.com \
    --cc=alexandru.tachici@analog.com \
    --cc=ardeleanalex@gmail.com \
    --cc=lars@metafoo.de \
    --cc=linux-iio@vger.kernel.org \
    --subject='Re: [PATCH 2/3] iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).