Hi,

The Samsung pinctrl driver uses the "pinctrlN" alias from DT without
performing any validation on the returned index, which may lead to
out-of-bounds accesses in the SoC-specific samsung_pin_ctrl[] arrays:

drivers/pinctrl/samsung/pinctrl-samsung.c:samsung_pinctrl_get_soc_data():

        id = of_alias_get_id(node, "pinctrl");
        if (id < 0) {
                dev_err(&pdev->dev, "failed to get alias id\n");
                return ERR_PTR(-ENOENT);
        }
        ctrl = of_device_get_match_data(&pdev->dev);
        // FIXME out-of-bounds access, limit not known
        ctrl += id;

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
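Added example, not part of the original message and not the driver's code: a user-space model of the lookup above in which the match data carries the array length, so the alias index can be checked before it is used. The names pin_ctrl, pin_ctrl_match_data, num_ctrl, get_soc_data_checked and the sample table are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for one entry of a SoC-specific samsung_pin_ctrl[] array. */
struct pin_ctrl {
    const char *name;
};

/* Hypothetical match data: the array travels together with its length,
 * so the lookup has a limit to check the alias id against. */
struct pin_ctrl_match_data {
    const struct pin_ctrl *ctrl;
    unsigned int num_ctrl;
};

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample table for a SoC with two pin controllers. */
static const struct pin_ctrl soc_a_ctrl[] = {
    { "soc-a-pinctrl0" },
    { "soc-a-pinctrl1" },
};

static const struct pin_ctrl_match_data soc_a_data = {
    .ctrl = soc_a_ctrl,
    .num_ctrl = ARRAY_SIZE(soc_a_ctrl),
};

/* id models the value returned by of_alias_get_id(node, "pinctrl"):
 * negative on error, otherwise whatever N the DT alias "pinctrlN" carries. */
static const struct pin_ctrl *
get_soc_data_checked(const struct pin_ctrl_match_data *md, int id)
{
    if (!md || id < 0)
        return NULL;    /* no match data or no alias */
    if ((unsigned int)id >= md->num_ctrl)
        return NULL;    /* alias index beyond this SoC's array */
    return &md->ctrl[id];
}

int main(void)
{
    int ids[] = { -19, 0, 1, 2, 7 };    /* constructed alias ids */
    for (size_t i = 0; i < ARRAY_SIZE(ids); i++) {
        const struct pin_ctrl *c = get_soc_data_checked(&soc_a_data, ids[i]);
        printf("id %d -> %s\n", ids[i], c ? c->name : "rejected");
    }
    return 0;
}
```

In the driver, the rejected case would map to an error return such as the existing ERR_PTR(-ENOENT) path rather than NULL.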