From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
To: Kishon Vijay Abraham I <kishon@ti.com>,
"David S. Miller" <davem@davemloft.net>
Cc: linux-kernel@vger.kernel.org,
Quentin Schulz <quentin.schulz@bootlin.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>
Subject: [PATCH 2/2] phy: ocelot-serdes: fix out-of-bounds read
Date: Tue, 9 Oct 2018 00:22:33 +0200 [thread overview]
Message-ID: <30c1dcb4a8d3707238fcf0a996b9e0bf0a4a7bbc.1539036280.git.gustavo@embeddedor.com> (raw)
In-Reply-To: <cover.1539036280.git.gustavo@embeddedor.com>
Currently, there is an out-of-bounds read on array ctrl->phys,
once variable i reaches the maximum array size of SERDES_MAX
in the for loop.
Fix this by changing the condition in the for loop from
i <= SERDES_MAX to i < SERDES_MAX.
Addresses-Coverity-ID: 1473966 ("Out-of-bounds read")
Addresses-Coverity-ID: 1473959 ("Out-of-bounds read")
Fixes: 51f6b410fc22 ("phy: add driver for Microsemi Ocelot SerDes muxing")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
drivers/phy/mscc/phy-ocelot-serdes.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/mscc/phy-ocelot-serdes.c b/drivers/phy/mscc/phy-ocelot-serdes.c
index 8936abd..c4eee3a 100644
--- a/drivers/phy/mscc/phy-ocelot-serdes.c
+++ b/drivers/phy/mscc/phy-ocelot-serdes.c
@@ -206,7 +206,7 @@ static struct phy *serdes_simple_xlate(struct device *dev,
port = args->args[0];
idx = args->args[1];
- for (i = 0; i <= SERDES_MAX; i++) {
+ for (i = 0; i < SERDES_MAX; i++) {
struct serdes_macro *macro = phy_get_drvdata(ctrl->phys[i]);
if (idx != macro->idx)
@@ -260,7 +260,7 @@ static int serdes_probe(struct platform_device *pdev)
if (!ctrl->regs)
return -ENODEV;
- for (i = 0; i <= SERDES_MAX; i++) {
+ for (i = 0; i < SERDES_MAX; i++) {
ret = serdes_phy_create(ctrl, i, &ctrl->phys[i]);
if (ret)
return ret;
--
2.7.4
next prev parent reply other threads:[~2018-10-08 22:22 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-08 22:20 [PATCH 0/2] phy: ocelot-serdes: fix out-of-bounds bug Gustavo A. R. Silva
2018-10-08 22:21 ` [PATCH 1/2] dt-bindings: phy: Update SERDES_MAX to be SERDES_MAX + 1 Gustavo A. R. Silva
2018-10-09 7:27 ` Quentin Schulz
2018-10-16 8:44 ` Gustavo A. R. Silva
2018-10-17 15:09 ` Rob Herring
2018-10-17 15:19 ` Gustavo A. R. Silva
2018-10-17 15:23 ` Rob Herring
2018-10-17 15:45 ` Gustavo A. R. Silva
2018-10-08 22:22 ` Gustavo A. R. Silva [this message]
2018-10-09 7:28 ` [PATCH 2/2] phy: ocelot-serdes: fix out-of-bounds read Quentin Schulz
2018-10-16 8:46 ` Gustavo A. R. Silva
2018-10-16 8:48 ` Kishon Vijay Abraham I
2018-10-17 15:37 ` Gustavo A. R. Silva
2018-11-12 8:27 ` Kishon Vijay Abraham I
2018-10-09 7:28 ` [PATCH 0/2] phy: ocelot-serdes: fix out-of-bounds bug Quentin Schulz
2018-10-09 14:13 ` Gustavo A. R. Silva
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=30c1dcb4a8d3707238fcf0a996b9e0bf0a4a7bbc.1539036280.git.gustavo@embeddedor.com \
--to=gustavo@embeddedor.com \
--cc=davem@davemloft.net \
--cc=kishon@ti.com \
--cc=linux-kernel@vger.kernel.org \
--cc=quentin.schulz@bootlin.com \
--subject='Re: [PATCH 2/2] phy: ocelot-serdes: fix out-of-bounds read' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).