> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx]
> Sent: Friday, July 13, 2018 10:55 PM
> To: A.s. Dong <aisheng.dong@xxxxxxx>; Markus Pargmann <mpa@xxxxxxxxxxxxxx>
> Cc: Fabio Estevam <festevam@xxxxxxxxx>; Shawn Guo <shawnguo@xxxxxxxxxx>;
> Stefan Agner <stefan@xxxxxxxx>; Pengutronix Kernel Team <kernel@xxxxxxxxxxxxxx>;
> Linus Walleij <linus.walleij@xxxxxxxxxx>; linux-gpio@xxxxxxxxxxxxxxx;
> kernel-janitors@xxxxxxxxxxxxxxx
> Subject: [PATCH] pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
>
> The info->groups[] array is allocated in imx1_pinctrl_parse_dt(). It has
> info->ngroups elements. Thus the > here should be >= to prevent reading one
> element beyond the end of the array.
>
> Fixes: 30612cd90005 ("pinctrl: imx1 core driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Acked-by: Dong Aisheng <Aisheng.dong@xxxxxxx>

BTW, it seems pinctrl-imx.c has the same issue, although it won't trigger a real error because the second check causes the return. But the fix still applies. So would you send another fix for pinctrl-imx as well?

Regards
Dong Aisheng

>
> diff --git a/drivers/pinctrl/freescale/pinctrl-imx1-core.c > b/drivers/pinctrl/freescale/pinctrl-imx1-core.c > index c3bdd90b1422..deb7870b3d1a 100644 > --- a/drivers/pinctrl/freescale/pinctrl-imx1-core.c > +++ b/drivers/pinctrl/freescale/pinctrl-imx1-core.c > @@ -429,7 +429,7 @@ static void imx1_pinconf_group_dbg_show(struct > pinctrl_dev *pctldev, > const char *name; > int i, ret; > > - if (group > info->ngroups) > + if (group >= info->ngroups) > return; > > seq_puts(s, "\n");
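
Review bot: The check at "if (group >= info->ngroups)" guards only the upper end of info->groups[], and the declaration of group falls outside the context shown in this hunk (only "int i, ret;" is visible), so confirm that it is an unsigned type; with a signed type a negative value would pass this test and index before the start of the array. The >= itself matches the commit message: an array with info->ngroups elements has valid indices up to ngroups - 1, so group == ngroups must be rejected. Since the reply points out the same comparison in pinctrl-imx.c, a follow-up patch there would keep the two drivers consistent even though the second check in that file already causes the return.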