The ngpio fields both in struct gpio_device as well as gpio_chip are
16-bit unsigned integers. Let's not risk an overflow and check if the
property value represented as a 32-bit unsigned integer is not greater
than U16_MAX.
Fixes: 9dbd1ab20509 ("gpiolib: check the 'ngpios' property in core gpiolib code")
Signed-off-by: Bartosz Golaszewski <brgl@xxxxxxxx>
---
drivers/gpio/gpiolib.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index a3d14277f17c..3c4f47b9ab57 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -677,6 +677,11 @@ int gpiochip_add_data_with_key(struct gpio_chip *gc, void *data,
else if (ret)
goto err_free_descs;
+ if (ngpios > U16_MAX) {
+ ret = EINVAL;
+ goto err_free_descs;
+ }
+
gc->ngpio = ngpios;
}
--
2.30.1
[PATCH] gpiolib: check for overflow when reading the 'ngpios' property
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
- From: Bartosz Golaszewski <brgl@xxxxxxxx>
- Date: Sun, 6 Mar 2022 20:34:20 +0100
- Follow-Ups:
- Re: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
- From: Andy Shevchenko
- Re: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
- Prev by Date: Re: [PATCH] gpiolib: fix the size of the ngpios variable
- Next by Date: Re: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
- Previous by thread: [PATCH] gpiolib: fix the size of the ngpios variable
- Next by thread: Re: [PATCH] gpiolib: check for overflow when reading the 'ngpios' property
- Index(es):
 |