2017-11-24 7:47 GMT+01:00 Heiner Kallweit <hkallweit1@xxxxxxxxx>: > So far we completely rely on the caller to provide valid arguments. > To be on the safe side perform an own sanity check. > > Signed-off-by: Heiner Kallweit <hkallweit1@xxxxxxxxx> > --- > drivers/misc/eeprom/at24.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c > index 00d602be7..52cbaeb6f 100644 > --- a/drivers/misc/eeprom/at24.c > +++ b/drivers/misc/eeprom/at24.c > @@ -569,6 +569,9 @@ static int at24_read(void *priv, unsigned int off, void *val, size_t count) > if (unlikely(!count)) > return count; > > + if (off + count > at24->chip.byte_len) > + return -EINVAL; > + > client = at24_translate_offset(at24, &off); > > ret = pm_runtime_get_sync(&client->dev); > @@ -614,6 +617,9 @@ static int at24_write(void *priv, unsigned int off, void *val, size_t count) > if (unlikely(!count)) > return -EINVAL; > > + if (off + count > at24->chip.byte_len) > + return -EINVAL; > + > client = at24_translate_offset(at24, &off); > > ret = pm_runtime_get_sync(&client->dev); > -- > 2.15.0 > > Applied to at24/fixes, thanks!
