On 23.2.2018 14:38, Geert Uytterhoeven wrote: > The cdns_uart_port[] array is indexed using a value derived from the > "serialN" alias in DT, which may lead to an out-of-bounds access. > > Fix this by adding a range check. > > Fixes: 928e9263492069ee ("tty: xuartps: Initialize ports according to aliases") > Signed-off-by: Geert Uytterhoeven <geert+renesas at glider.be> > --- > v2: > - Fix Fixes reference. > --- > drivers/tty/serial/xilinx_uartps.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c > index b9b2bc76bcac606c..abcb4d09a2d866d0 100644 > --- a/drivers/tty/serial/xilinx_uartps.c > +++ b/drivers/tty/serial/xilinx_uartps.c > @@ -1110,7 +1110,7 @@ static struct uart_port *cdns_uart_get_port(int id) > struct uart_port *port; > > /* Try the given port id if failed use default method */ > - if (cdns_uart_port[id].mapbase != 0) { > + if (id < CDNS_UART_NR_PORTS && cdns_uart_port[id].mapbase != 0) { > /* Find the next unused port */ > for (id = 0; id < CDNS_UART_NR_PORTS; id++) > if (cdns_uart_port[id].mapbase == 0) > Reviewed-by: Michal Simek <michal.simek at xilinx.com> Thanks, Michal