On Thu, 8 Aug 2024 10:12:12 +0300
Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> Hello Marek Vasut,
>
> Commit 025f23cfebad ("iio: light: noa1305: Make integration time
> configurable") from Jul 15, 2024 (linux-next), leads to the following
> Smatch static checker warning:
>
> drivers/iio/light/noa1305.c:201 noa1305_write_raw()
> error: buffer overflow 'noa1305_int_time_available' 16 <= 31
>
> drivers/iio/light/noa1305.c
> 183 static int noa1305_write_raw(struct iio_dev *indio_dev,
> 184 struct iio_chan_spec const *chan,
> 185 int val, int val2, long mask)
> 186 {
> 187 struct noa1305_priv *priv = iio_priv(indio_dev);
> 188 int i;
> 189
> 190 if (chan->type != IIO_LIGHT)
> 191 return -EINVAL;
> 192
> 193 if (mask != IIO_CHAN_INFO_INT_TIME)
> 194 return -EINVAL;
> 195
> 196 if (val) /* >= 1s integration time not supported */
> 197 return -EINVAL;
> 198
> 199 /* Look up integration time register settings and write it if found. */
> 200 for (i = 0; i < ARRAY_SIZE(noa1305_int_time_available); i++)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
Good find. Should be ARRAY_SIZE() / 2 I think.
Marek, spin a patch? If not I'll get to it soonish.
>
> --> 201 if (noa1305_int_time_available[2 * i + 1] == val2)
> ^^^^^^^^^
> Buffer overflow
>
> 202 return regmap_write(priv->regmap, NOA1305_REG_INTEGRATION_TIME, i);
> 203
> 204 return -EINVAL;
> 205 }
>
> regards,
> dan carpenter
>
