[PATCH] mfd: mt6370: add bounds checking to regmap_read/write functions

Dan Carpenter dan.carpenter at oracle.com
Mon Aug 22 05:57:05 PDT 2022


On Fri, Aug 19, 2022 at 09:27:13AM +0300, Andy Shevchenko wrote:
> On Fri, Aug 19, 2022 at 8:25 AM Dan Carpenter <dan.carpenter at oracle.com> wrote:
> >
> > It looks like there are a potential out of bounds accesses in the
> > read/write() functions.  Also can "len" be negative?  Let's check for
> > that too.
> 
> ...
> 
> > Fixes: ab9905c5e38e ("mfd: mt6370: Add MediaTek MT6370 support")
> 
> > From static analysis.  This code is obviously harmless however it may
> > not be required.  The regmap range checking is slightly complicated and
> > I haven't remembered where all it's done.
> 
> Exactement! I do not think this Fixes anything, I believe you are
> adding a dead code. So, can you do deeper analysis?

I spent a long time looking at this code before I sent it and I've
spent a long time looking at it today.

Smatch said that these values come from the user, but now it seems
less clear to me and I have rebuilt the DB so I don't have the same
information I was looking at earlier.

So I can't see if these come from the user but neither can I find any
bounds checking.

regards,
dan carpenter



More information about the Linux-mediatek mailing list