[PATCH] mfd: mt6370: add bounds checking to regmap_read/write functions
Dan Carpenter
dan.carpenter at oracle.com
Mon Aug 22 05:57:05 PDT 2022
On Fri, Aug 19, 2022 at 09:27:13AM +0300, Andy Shevchenko wrote:
> On Fri, Aug 19, 2022 at 8:25 AM Dan Carpenter <dan.carpenter at oracle.com> wrote:
> >
> > It looks like there are a potential out of bounds accesses in the
> > read/write() functions. Also can "len" be negative? Let's check for
> > that too.
>
> ...
>
> > Fixes: ab9905c5e38e ("mfd: mt6370: Add MediaTek MT6370 support")
>
> > From static analysis. This code is obviously harmless however it may
> > not be required. The regmap range checking is slightly complicated and
> > I haven't remembered where all it's done.
>
> Exactement! I do not think this Fixes anything, I believe you are
> adding a dead code. So, can you do deeper analysis?
I spent a long time looking at this code before I sent it and I've
spent a long time looking at it today.
Smatch said that these values come from the user, but now it seems
less clear to me and I have rebuilt the DB so I don't have the same
information I was looking at earlier.
So I can't see if these come from the user but neither can I find any
bounds checking.
regards,
dan carpenter
More information about the Linux-mediatek
mailing list