linux-kernel.vger.kernel.org archive mirror
* [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
@ 2021-02-12 15:47 Mathieu Dubois-Briand
  2021-02-15 15:14 ` Pratyush Yadav
  0 siblings, 1 reply; 4+ messages in thread
From: Mathieu Dubois-Briand @ 2021-02-12 15:47 UTC
  To: mbriand
  Cc: Tudor Ambarus, Miquel Raynal, Richard Weinberger,
	Vignesh Raghavendra, Boris Brezillon, linux-mtd, linux-kernel

Fix array index: explicitly use the array length to access the last
element, instead of an incorrectly set iteration variable.

It seems this code was correct before the following commit, where the
iteration counter is reused, leading to a value that may be out of
bound.
Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
current map conf")

Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
 drivers/mtd/spi-nor/sfdp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
index 6ee7719e5903..11cc5d19e286 100644
--- a/drivers/mtd/spi-nor/sfdp.c
+++ b/drivers/mtd/spi-nor/sfdp.c
@@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
 		if (!(regions_erase_type & BIT(erase[i].idx)))
 			spi_nor_set_erase_type(&erase[i], 0, 0xFF);
 
-	spi_nor_region_mark_end(&region[i - 1]);
+	spi_nor_region_mark_end(&region[region_count - 1]);
 
 	return 0;
 }
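Review bot: `region[region_count - 1]` in the replaced `spi_nor_region_mark_end()` call is not a valid index when `region_count` is 0, and nothing in the visible context shows that case being rejected. If an earlier check in the function already guarantees at least one region, say so in the commit message; otherwise return an error before this point when `region_count` is 0. Placing the call directly after the loop that fills `region[]` would also keep it independent of any later loop that reuses `i`, which is the pattern the context lines show with `erase[i]`.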
-- 
2.25.1



* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
  2021-02-12 15:47 [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access Mathieu Dubois-Briand
@ 2021-02-15 15:14 ` Pratyush Yadav
  2021-02-19  7:50   ` Mathieu Dubois-Briand
  0 siblings, 1 reply; 4+ messages in thread
From: Pratyush Yadav @ 2021-02-15 15:14 UTC
  To: Mathieu Dubois-Briand
  Cc: Vignesh Raghavendra, Boris Brezillon, Richard Weinberger,
	Tudor Ambarus, linux-kernel, linux-mtd, Miquel Raynal

On 12/02/21 04:47PM, Mathieu Dubois-Briand wrote:
> Fix array index: explicitly use the array length to access the last
> element, instead of an incorrectly set iteration variable.
> 
> It seems this code was correct before the following commit, where the
> iteration counter is reused, leading to a value that may be out of
> bound.
> Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
> current map conf")
> 
> Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
> ---
>  drivers/mtd/spi-nor/sfdp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
> index 6ee7719e5903..11cc5d19e286 100644
> --- a/drivers/mtd/spi-nor/sfdp.c
> +++ b/drivers/mtd/spi-nor/sfdp.c
> @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
>  		if (!(regions_erase_type & BIT(erase[i].idx)))
>  			spi_nor_set_erase_type(&erase[i], 0, 0xFF);
>  
> -	spi_nor_region_mark_end(&region[i - 1]);
> +	spi_nor_region_mark_end(&region[region_count - 1]);

I'm not too familiar with the non-uniform erase code but this looks good 
at first look. Small nitpick: move this line just after the above for 
loop that initializes this array.

>  
>  	return 0;
>  }
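Review bot: The commit message does not say what `i` holds when the removed `region[i - 1]` line runs; the context lines show the preceding loop indexing `erase[i]`, so `i - 1` follows that loop's bound rather than the number of regions. Stating this, and whether the resulting access is a read or a write outside `region[]`, would help anyone judging a backport. The `Fixes:` tag is also wrapped over two lines; keep it on one line, together with the `Signed-off-by:` trailer, so tooling can parse it.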
> -- 
> 2.25.1
> 
> 

-- 
Regards,
Pratyush Yadav
Texas Instruments Inc.


* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
  2021-02-15 15:14 ` Pratyush Yadav
@ 2021-02-19  7:50   ` Mathieu Dubois-Briand
  2021-03-08  4:53     ` Tudor.Ambarus
  0 siblings, 1 reply; 4+ messages in thread
From: Mathieu Dubois-Briand @ 2021-02-19  7:50 UTC
  To: Pratyush Yadav
  Cc: Vignesh Raghavendra, Boris Brezillon, Richard Weinberger,
	Tudor Ambarus, linux-kernel, linux-mtd, Miquel Raynal

Hi,

I just came across this commit (9166f4af32db) in spi-nor/for-5.12:
https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3.

So I believe this patch isn't needed anymore.

Thanks,
Mathieu


* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
  2021-02-19  7:50   ` Mathieu Dubois-Briand
@ 2021-03-08  4:53     ` Tudor.Ambarus
  0 siblings, 0 replies; 4+ messages in thread
From: Tudor.Ambarus @ 2021-03-08  4:53 UTC
  To: mbriand, p.yadav
  Cc: vigneshr, bbrezillon, richard, linux-kernel, linux-mtd, miquel.raynal

On 2/19/21 9:50 AM, Mathieu Dubois-Briand wrote:
> Hi,
> 
> I just came across this commit (9166f4af32db) in spi-nor/for-5.12:
> https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3.
> 
> So I believe this patch isn't needed anymore.
> 

That's true. Thanks,
ta
