RE: [PATCH] pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()

["A.s. Dong" <aisheng.dong@xxxxxxx>]

> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx]
> Sent: Friday, July 13, 2018 10:55 PM
> To: A.s. Dong <aisheng.dong@xxxxxxx>; Markus Pargmann
> <mpa@xxxxxxxxxxxxxx>
> Cc: Fabio Estevam <festevam@xxxxxxxxx>; Shawn Guo
> <shawnguo@xxxxxxxxxx>; Stefan Agner <stefan@xxxxxxxx>; Pengutronix
> Kernel Team <kernel@xxxxxxxxxxxxxx>; Linus Walleij
> <linus.walleij@xxxxxxxxxx>; linux-gpio@xxxxxxxxxxxxxxx; kernel-
> janitors@xxxxxxxxxxxxxxx
> Subject: [PATCH] pinctrl: freescale: off by one in
> imx1_pinconf_group_dbg_show()
> 
> The info->groups[] array is allocated in imx1_pinctrl_parse_dt().  It has info-
> >ngroups elements.  Thus the > here should be >= to prevent reading one
> element beyond the end of the array.
> 
> Fixes: 30612cd90005 ("pinctrl: imx1 core driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Acked-by: Dong Aisheng <Aisheng.dong@xxxxxxx>

BTW It seems pinctrl-imx.c has the same issue although it won't trigger
real error because the second check causes the return. But the fix still
applies. So would you send anther fix for pinctrl-imx as well?

Regards
Dong Aisheng

> 
> diff --git a/drivers/pinctrl/freescale/pinctrl-imx1-core.c
> b/drivers/pinctrl/freescale/pinctrl-imx1-core.c
> index c3bdd90b1422..deb7870b3d1a 100644
> --- a/drivers/pinctrl/freescale/pinctrl-imx1-core.c
> +++ b/drivers/pinctrl/freescale/pinctrl-imx1-core.c
> @@ -429,7 +429,7 @@ static void imx1_pinconf_group_dbg_show(struct
> pinctrl_dev *pctldev,
>  	const char *name;
>  	int i, ret;
> 
> -	if (group > info->ngroups)
> +	if (group >= info->ngroups)
>  		return;
> 
>  	seq_puts(s, "\n");
--
To unsubscribe from this list: send the line "unsubscribe linux-gpio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html