[REPORT][next] pinctrl: pinctrl-microchip-sgpio: out-of-bounds bug in sgpio_clrsetbits()
Gustavo A. R. Silva
gustavo at embeddedor.com
Wed Feb 3 07:51:01 EST 2021
On 2/3/21 06:00, Lars Povlsen wrote:
>
> Gustavo A. R. Silva writes:
>
>> Hi,
>>
>> While addressing some out-of-bounds warnings, I found the following bug:
>>
>> drivers/pinctrl/pinctrl-microchip-sgpio.c:154:57: warning: array subscript 10 is above array bounds of ‘const u8[10]’ {aka ‘const unsigned char[10]’} [-Warray-bounds]
>>
>> The bug was introduced by commit be2dc859abd4 ("pinctrl: pinctrl-microchip-sgpio: Add irq support (for sparx5)"):
>>
>> 575 sgpio_clrsetbits(bank->priv, REG_INT_TRIGGER + SGPIO_MAX_BITS, addr.bit,
>> 576 BIT(addr.port), (!!(type & 0x2)) << addr.port);
>>
>> REG_INT_TRIGGER + SGPIO_MAX_BITS turns out to be 10, which is outside the boundaries
>> of priv->properties->regoff[] at line 154:
>
> Hi Gustavo!
>
> Thanks for spotting this - the "+" is misplaced. I will submit a patch
> asap.
Awesome. :)
Thanks
--
Gustavo
More information about the linux-arm-kernel
mailing list