* [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
@ 2021-02-12 15:47 Mathieu Dubois-Briand
2021-02-15 15:14 ` Pratyush Yadav
0 siblings, 1 reply; 4+ messages in thread
From: Mathieu Dubois-Briand @ 2021-02-12 15:47 UTC (permalink / raw)
To: mbriand
Cc: Tudor Ambarus, Miquel Raynal, Richard Weinberger,
Vignesh Raghavendra, Boris Brezillon, linux-mtd, linux-kernel
Fix array index: explicitly use the array length to access the last
element, instead of an incorrectly set iteration variable.
It seems this code was correct before following commit, were the
iteration counter is reused, leading to a value that may be out of
bound.
Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
current map conf")
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
---
drivers/mtd/spi-nor/sfdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
index 6ee7719e5903..11cc5d19e286 100644
--- a/drivers/mtd/spi-nor/sfdp.c
+++ b/drivers/mtd/spi-nor/sfdp.c
@@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
if (!(regions_erase_type & BIT(erase[i].idx)))
spi_nor_set_erase_type(&erase[i], 0, 0xFF);
- spi_nor_region_mark_end(®ion[i - 1]);
+ spi_nor_region_mark_end(®ion[region_count - 1]);
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
2021-02-12 15:47 [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access Mathieu Dubois-Briand
@ 2021-02-15 15:14 ` Pratyush Yadav
2021-02-19 7:50 ` Mathieu Dubois-Briand
0 siblings, 1 reply; 4+ messages in thread
From: Pratyush Yadav @ 2021-02-15 15:14 UTC (permalink / raw)
To: Mathieu Dubois-Briand
Cc: Vignesh Raghavendra, Boris Brezillon, Richard Weinberger,
Tudor Ambarus, linux-kernel, linux-mtd, Miquel Raynal
On 12/02/21 04:47PM, Mathieu Dubois-Briand wrote:
> Fix array index: explicitly use the array length to access the last
> element, instead of an incorrectly set iteration variable.
>
> It seems this code was correct before following commit, were the
> iteration counter is reused, leading to a value that may be out of
> bound.
> Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
> current map conf")
>
> Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
> ---
> drivers/mtd/spi-nor/sfdp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
> index 6ee7719e5903..11cc5d19e286 100644
> --- a/drivers/mtd/spi-nor/sfdp.c
> +++ b/drivers/mtd/spi-nor/sfdp.c
> @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
> if (!(regions_erase_type & BIT(erase[i].idx)))
> spi_nor_set_erase_type(&erase[i], 0, 0xFF);
>
> - spi_nor_region_mark_end(®ion[i - 1]);
> + spi_nor_region_mark_end(®ion[region_count - 1]);
I'm not too familiar with the non-uniform erase code but this looks good
at first look. Small nitpick: move this line just after the above for
loop that initializes this array.
>
> return 0;
> }
> --
> 2.25.1
>
>
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
--
Regards,
Pratyush Yadav
Texas Instruments Inc.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
2021-02-15 15:14 ` Pratyush Yadav
@ 2021-02-19 7:50 ` Mathieu Dubois-Briand
2021-03-08 4:53 ` Tudor.Ambarus
0 siblings, 1 reply; 4+ messages in thread
From: Mathieu Dubois-Briand @ 2021-02-19 7:50 UTC (permalink / raw)
To: Pratyush Yadav
Cc: Vignesh Raghavendra, Boris Brezillon, Richard Weinberger,
Tudor Ambarus, linux-kernel, linux-mtd, Miquel Raynal
Hi,
I just came across this commit (9166f4af32db) in spi-nor/for-5.12:
https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3.
So I believe this patch isn't needed anymore.
Thanks,
Mathieu
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access
2021-02-19 7:50 ` Mathieu Dubois-Briand
@ 2021-03-08 4:53 ` Tudor.Ambarus
0 siblings, 0 replies; 4+ messages in thread
From: Tudor.Ambarus @ 2021-03-08 4:53 UTC (permalink / raw)
To: mbriand, p.yadav
Cc: vigneshr, bbrezillon, richard, linux-kernel, linux-mtd, miquel.raynal
On 2/19/21 9:50 AM, Mathieu Dubois-Briand wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>
> Hi,
>
> I just came across this commit (9166f4af32db) in spi-nor/for-5.12:
> https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3.
>
> So I believe this patch isn't needed anymore.
>
That's true. Thanks,
ta
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-08 4:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-12 15:47 [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access Mathieu Dubois-Briand
2021-02-15 15:14 ` Pratyush Yadav
2021-02-19 7:50 ` Mathieu Dubois-Briand
2021-03-08 4:53 ` Tudor.Ambarus
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).