From: Mattijs Korpershoek <mkorpershoek@kernel.org>
To: Andrew Goodbody <andrew.goodbody@linaro.org>,
Marek Vasut <marex@denx.de>, Tom Rini <trini@konsulko.com>,
Lukasz Majewski <lukma@denx.de>,
Mattijs Korpershoek <mkorpershoek@kernel.org>
Cc: u-boot@lists.denx.de, Kory Maincent <kory.maincent@bootlin.com>,
Andrew Goodbody <andrew.goodbody@linaro.org>
Subject: Re: [PATCH 2/3] usb: musb-new: Limit check array index before use
Date: Fri, 03 Oct 2025 10:25:01 +0200 [thread overview]
Message-ID: <87tt0gqtnm.fsf@kernel.org> (raw)
In-Reply-To: <20250930-usb_musb-new-v1-2-be0c9b79a8a0@linaro.org>
Hi Andrew,
Thank you for the patch.
On Tue, Sep 30, 2025 at 16:52, Andrew Goodbody <andrew.goodbody@linaro.org> wrote:
> epnum is used as an index into an array. The limit check for this index
> should be performed before using it to access an element in the array to
> prevent possible bounds overrun.
>
> This issue was found by Smatch.
>
> Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
> ---
> drivers/usb/musb-new/musb_gadget_ep0.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/musb-new/musb_gadget_ep0.c b/drivers/usb/musb-new/musb_gadget_ep0.c
> index ea65326ab6264492ea668ddd047b360965a5ad19..25b1de6e58f9e2028e9b93a600d532ae0f5efcc1 100644
> --- a/drivers/usb/musb-new/musb_gadget_ep0.c
> +++ b/drivers/usb/musb-new/musb_gadget_ep0.c
> @@ -96,6 +96,9 @@ static int service_tx_status_request(
> if (!epnum) {
> result[0] = 0;
> break;
> + } else if (epnum >= MUSB_C_NUM_EPS) {
> + handled = -EINVAL;
> + break;
> }
>
> is_in = epnum & USB_DIR_IN;
> @@ -107,7 +110,7 @@ static int service_tx_status_request(
> }
> regs = musb->endpoints[epnum].regs;
>
> - if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
> + if (!ep->desc) {
> handled = -EINVAL;
> break;
> }
>
> --
> 2.47.3
next prev parent reply other threads:[~2025-10-03 8:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-30 15:52 [PATCH 0/3] usb: musb-new: Address some Smatch issues Andrew Goodbody
2025-09-30 15:52 ` [PATCH 1/3] usb: musb-new: Null check before dereference Andrew Goodbody
2025-09-30 15:52 ` [PATCH 2/3] usb: musb-new: Limit check array index before use Andrew Goodbody
2025-10-03 8:25 ` Mattijs Korpershoek [this message]
2025-09-30 15:52 ` [PATCH 3/3] usb: musb-new: Cannot test unsigned member to be negative Andrew Goodbody
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tt0gqtnm.fsf@kernel.org \
--to=mkorpershoek@kernel.org \
--cc=andrew.goodbody@linaro.org \
--cc=kory.maincent@bootlin.com \
--cc=lukma@denx.de \
--cc=marex@denx.de \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.