From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-001ae601.pphosted.com (mx0b-001ae601.pphosted.com [67.231.152.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66E39355F53 for ; Fri, 8 May 2026 14:10:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=67.231.152.168 ARC-Seal:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778249460; cv=fail; b=DDxl9RQkYsSvWHl9LPgCnNqVbhT4XibVaAT5OOBHCeRuVJFHA7yJlLOGwsznH4y6NxypzBvugQCiMVyZS/8iy3C7z3aZluL6/Fam97wtQ4qoU2HJkG2J/SaA7O7XoXnsI03Rn7ESCCt9H0uONw5AGbYcYwOj10FjP9aVA3Sh/K4= ARC-Message-Signature:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778249460; c=relaxed/simple; bh=puDi1X3ESZLakCbalR2gbKz3k5hb5d8/WGfElchEIAg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=F7ij+YBihXwucZ9b5e1RAL5KIgpQ61MkvqINg6/R1eUuHJTxdXFr0ZEMaywIMZRo7nAdFBIBuDo1kuw7xB/TV78OROx08dU+tp6S8/cJsJNR2doFa2z8gnDwXYf7ABtlaqGHdGvDez5DRhMkTXnhXc/L5k6WiXZ2xTTPI2jlxgY= ARC-Authentication-Results:i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=opensource.cirrus.com; spf=pass smtp.mailfrom=opensource.cirrus.com; dkim=pass (2048-bit key) header.d=cirrus.com header.i=@cirrus.com header.b=OLDKWgma; dkim=pass (1024-bit key) header.d=cirrus4.onmicrosoft.com header.i=@cirrus4.onmicrosoft.com header.b=ZC+17b3I; arc=fail smtp.client-ip=67.231.152.168 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=opensource.cirrus.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=opensource.cirrus.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cirrus.com header.i=@cirrus.com header.b="OLDKWgma"; dkim=pass (1024-bit key) header.d=cirrus4.onmicrosoft.com header.i=@cirrus4.onmicrosoft.com header.b="ZC+17b3I" Received: from pps.filterd (m0077474.ppops.net [127.0.0.1]) by mx0b-001ae601.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 648Cfiqf528280; Fri, 8 May 2026 08:48:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirrus.com; h=cc :content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=PODMain02222019; bh=aHvAm4r9HGA/pIx+ o/A7No6ZLSq3CYAIxH0qeJgyqvY=; b=OLDKWgmaNx5JFCrWZvm3JWIQ3khvMZwT rPhFLQP5eHIoZjG/7NEgKrGVcLyRob9txOZ8GcCGdOiX3d6xtzz/C7G6CavucOEs D3RUWGRseK2+qbf8duts9AJXOphNyVKDsHcCiTRRJtvsuffhQzuukbnj3YMYxty/ YJTbOrBASSAEPy6y3eGEAMBP5lfBitPrYq3nLeWrMm14/kPeErVPErFY7uIp/k6v //3hG1qG6Utqzl9f6WSsipbQDKtwMdcQWwmxsChsZLZ83yTQ3hQeRPYyYQ/yXu2A l1DTj6xwIgtyIlucgSRKegBSsqam/9lthFzYudCQKd3IMV5w1QYTMg== Received: from sn4pr0501cu005.outbound.protection.outlook.com (mail-southcentralusazon11021101.outbound.protection.outlook.com [40.93.194.101]) by mx0b-001ae601.pphosted.com (PPS) with ESMTPS id 4e1g20r2dp-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Fri, 08 May 2026 08:48:17 -0500 (CDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g1/QFHKgt6aN21cSp/xl3jf1fN4803BHRJv7NwUFuVoFCMD8yrDLCVkz4IKNd/40Yl57u9w1/sHw89lUKy20tBvVCQ0DRG3wGa+icHLHwFhNOEdr8fshjqgo/la4kU1sjGplAZkY0SJQsHaObxwaCD/1ocMuXGcFgMpcmIjo5aVV4C7i/PhdJQhqLJWwRV+fKPl5pB3t1qp6Bh13QWf927uIJaGwEEaU/HN60brEihsiHW/hOyaqYLUcLe62DrFV+aiUdnrJUymareOUzO3QlapUkS02R9EFyLsm56907i3r4VKYkMDq92NT2U4vZYWo8AlAyNZyMFEW3EVtqorKIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aHvAm4r9HGA/pIx+o/A7No6ZLSq3CYAIxH0qeJgyqvY=; b=Au7H1tQLw6AZ2pFsfHIm4XjH5N08JMrIlw+ukz6b+hmRjxn67ewefJvazWHi2aQSQge3JmN66XIW20YD5+WbNv/+WE2be7a2T0trrcOAHBAmgAjVdvqUc2Lz3xqoVw5khFj+PXCSJ0RNyXw6bm+6PQ8t35WYb3lVzqXvJADbIoZ99+aRFCyl+7gH1UfA5JC7PbyJActZHohyUUjZS21Se9ysAEwg69KFKMW3bYDO1QZHn7LJtOaiHrBCsDUUeUDSgH94iecF+aQf9cVYFvtLANO8Z45yNn/y7HDOI2Xpkm6rHM7nehE5E4Q8JsKiFpVghTCKmzCvW06awTHdDS27Tg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 84.19.233.75) smtp.rcpttodomain=cirrus.com smtp.mailfrom=opensource.cirrus.com; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=opensource.cirrus.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirrus4.onmicrosoft.com; s=selector2-cirrus4-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aHvAm4r9HGA/pIx+o/A7No6ZLSq3CYAIxH0qeJgyqvY=; b=ZC+17b3I7/pB1z2IhnkyW2xivjfADNWcr3LQ4ph47iPLCgMW13fcszS7VndzVAOV2GuGMq9/uewYZsczakUdP0lcKo0vaF+mRwt5+v+dDFaicNFWpI1obtUje1O8jFVP7pTdiwjjWSmGYyNvLEFSc6brbiUoEeS1HV6CLthSlAg= Received: from MW4PR03CA0093.namprd03.prod.outlook.com (2603:10b6:303:b7::8) by LV2PR19MB5886.namprd19.prod.outlook.com (2603:10b6:408:173::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.19; Fri, 8 May 2026 13:48:13 +0000 Received: from SJ5PEPF00000204.namprd05.prod.outlook.com (2603:10b6:303:b7:cafe::85) by MW4PR03CA0093.outlook.office365.com (2603:10b6:303:b7::8) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9891.19 via Frontend Transport; Fri, 8 May 2026 13:48:12 +0000 X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 84.19.233.75) smtp.mailfrom=opensource.cirrus.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=opensource.cirrus.com; Received-SPF: SoftFail (protection.outlook.com: domain of transitioning opensource.cirrus.com discourages use of 84.19.233.75 as permitted sender) Received: from edirelay1.ad.cirrus.com (84.19.233.75) by SJ5PEPF00000204.mail.protection.outlook.com (10.167.244.37) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9891.9 via Frontend Transport; Fri, 8 May 2026 13:48:11 +0000 Received: from ediswmail9.ad.cirrus.com (ediswmail9.ad.cirrus.com [198.61.86.93]) by edirelay1.ad.cirrus.com (Postfix) with ESMTPS id 859BB40654F; Fri, 8 May 2026 13:48:09 +0000 (UTC) Received: from ediswws07.ad.cirrus.com (ediswws07.ad.cirrus.com [198.90.208.14]) by ediswmail9.ad.cirrus.com (Postfix) with ESMTPSA id 7860C82024A; Fri, 8 May 2026 13:48:09 +0000 (UTC) From: Charles Keepax To: lee@kernel.org Cc: linux-kernel@vger.kernel.org, patches@opensource.cirrus.com Subject: [PATCH] mfd: cs42l43: Sanity check firmware size Date: Fri, 8 May 2026 14:48:04 +0100 Message-ID: <20260508134804.1787461-1-ckeepax@opensource.cirrus.com> X-Mailer: git-send-email 2.47.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF00000204:EE_|LV2PR19MB5886:EE_ Content-Type: text/plain X-MS-Office365-Filtering-Correlation-Id: 2c05480c-e2a7-40df-de3a-08dead087223 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|61400799027|36860700016|82310400026|18002099003|16102099003|56012099003; X-Microsoft-Antispam-Message-Info: mkTZ3GpEfd+YHE/ZHZKyOVJpft7zqq98H1p8GZfHf7Ha/AA7obBm75MKdIaQNntgQOtFm0u5FBPe7JcJ2ADP3fxYkLZO8086JZHbRdMh7MEU7Ox18+GVCdLTjqKpntWJmx4BagUZy0XvxV/H50cd8wx/wnTO3WoPs3lB6OvQ6vGWDnS21QLM3HJLqIofE7aL3X+1Xnk4DEZwvTnZyQNl7zeQTd3RNWXDl7c9OTIdQr4XLnQv0BHEt19KqrZAbzwj0a2fXxVglD0p92/BjktZgXsLRC+76Smqr6XK3IT7YJbjTZC7gKBKydmHEN8u6p5pfgEQbScihpT6T3LfCfca7ZMphUMq5XvdGkbmXiwEH2gUn6biqEwez9aN7asSNt/aOEmp6lmAB9szVFTMmMONJFnPmKV2m32Zhf+1cuXpBx4+iq4Y36JAb2aw6TWL6VePL4oPamD6+K50HMB0kw2FwfUCuqP6tE6rUkdbvWKiSmx7MaAxwInjDubUzAgkFor2B6WwB3WXEYPnD1stAbjio3ezOFGfAAuqaOizyvNtZq7jeiL9+u3y+Tsrye/6dY4AGf8DAHHRkLbHqai3g8UT7kOz3HSzy95Dgv+9QZ9ZgLn+rEmEosI7gsVcQ4VHfV7/RHK+S3156l4XLSqK8ymp75UGyy7RNLSzUOi1uvY9R4x14+xo3+WTlx35ksNVoEdwuswWRzOoEWCSdF5LTZ3+fOHfeS24BHLox8Hvi53MFq4= X-Forefront-Antispam-Report: CIP:84.19.233.75;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:edirelay1.ad.cirrus.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(61400799027)(36860700016)(82310400026)(18002099003)(16102099003)(56012099003);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 0O6MKI9AhadpFJ7N2fKqf3zpJVeR4e3a0xv+OmunFBkh+FybuyVd01FQ23jyUzHllH3u0TTeI9f+2U8Pm25TJtWbCOmzyXi/YlLrMxHUQs804MF6rWBHbNn2rmDCUcDNh1xtVBwrLizkhDQ6bi9nV506Cjwfipr+Sj+9kGUZBs1CZaEw7LeGUX+ZjgqIEEs9w+1rt+MwG8dhAGJmNfa7MiOVCWp+jo+kws4HzbZdNdXoHOqvb63zBZLZGrmWLXiqhl6RFvsriAZzRmtCPOYmKkkC12w9HjIFtu7Z3vq//qYDao3r326gfih4+vmM9QYc7RcJlBBiti8Gn4W2rBMfxyuynUy8ixtKQ6SdyQYx7GaCjWzBK7in1+GleD7Nq7L5rvqa1+N40vNz/w0r3jGic2WclkjwSHjTTTmwOq2tqLPqVsLnFlpROdtIs+vO60dw X-Exchange-RoutingPolicyChecked: TgDRmzLs+/DKnl9yeumBvWIkIdgsKnN7JJhPHhkcO4bwOm6Q/UIbQQ5HKFvSu/dClJRihgbKcCBDEHrULglQo3NfvSXCKlvln1lYso8XV4ZfWtRU499e/eSJxUpmAASVxk1WzrTfP3UExMo91HA9W/iRkz7oDYwSnW65gKzdo3VDq8u6MdTN0OptscbsKu6dqchU6cX6ZlAIz/g+l8gsqn5pYO6+bOMcH0dllXpJOn9ZVo1jf4ZR7tRJRn/aOnI+kJ9jL0q6KoFd074l4j12jMXcFPho6Ksxq4C64LXPA/I9539zK+lVuC5Wy6i2/HmZnGNahqncE8i4v9rkIGutXA== X-OriginatorOrg: opensource.cirrus.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2026 13:48:11.6189 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2c05480c-e2a7-40df-de3a-08dead087223 X-MS-Exchange-CrossTenant-Id: bec09025-e5bc-40d1-a355-8e955c307de8 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bec09025-e5bc-40d1-a355-8e955c307de8;Ip=[84.19.233.75];Helo=[edirelay1.ad.cirrus.com] X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-SJ5PEPF00000204.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR19MB5886 X-Proofpoint-GUID: Ai7gRj5_7Oj8Hwegm3YVjLtKPirLcg7O X-Proofpoint-ORIG-GUID: Ai7gRj5_7Oj8Hwegm3YVjLtKPirLcg7O X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTA4MDE0MyBTYWx0ZWRfXyyDQSShGiGO9 EoqLCQK8FotmnZAVTDXs4MJeCRP1JKGvgKfqAJz4VaYUCs6lprJpHBU/q0lpERhloKJK+3CDL+n /3UTEQRS1+oBsTRqLu/ZYoysMCQl2UWfA8v9rge7ZjCTZcrL0I7cMPct9Sy8agP3+IAZGr1RHUl mKwuNOLgs0VYhw4nA2vodFao5x245gOX0sgbYui6gB78zG0ZolttWjO5yiq8w041I2w78xJpZPi jcuTHeZFFEYy/Dde+EQG7TB75zbs72R3JVl9St1TGhlWwmZG1pmnJqeBCBNe4sLsCdz0Er6AMzD b4nvK0yBdKESboVEM/dHGvpzN/cN/6L9ziSAwCOCH/QwL0CYp3l8Sh0q8pBEppRxYCszjtASf4Y GtGxTT126la1MzOJ0gcdHROCqaGnC/KNsnt9uPKl3TGCUYWQjg0YGmjs3EpKZJWPohx/oShgo6c XDxclxz1QP9RLI+fxgQ== X-Authority-Analysis: v=2.4 cv=Nc/WEWD4 c=1 sm=1 tr=0 ts=69fde9a1 cx=c_pps a=+kXwOJT9iXP9BgnuWAWdUA==:117 a=h1hSm8JtM9GN1ddwPAif2w==:17 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=NGcC8JguVDcA:10 a=s63m1ICgrNkA:10 a=RWc_ulEos4gA:10 a=VkNPw1HP01LnGYTKEx00:22 a=iX4cTi3TZMoOKdANLEfx:22 a=KfkQE9S9VqCBgivYGm0O:22 a=w1d2syhTAAAA:8 a=PFRVD08ptiTgiY8odSUA:9 a=zZCYzV9kfG8A:10 X-Proofpoint-Spam-Reason: safe Currently the code checks if a firmware was received, however it does not verify that the firmware size is larger than the firmware header. As the firmware pointer is dereferenced as a pointer to the header structure this could lead to an out of bounds memory access. Add the missing check. Fixes: ace6d1448138 ("mfd: cs42l43: Add support for cs42l43 core driver") Signed-off-by: Charles Keepax --- drivers/mfd/cs42l43.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/cs42l43.c b/drivers/mfd/cs42l43.c index 166881751e698..ed6d93893de04 100644 --- a/drivers/mfd/cs42l43.c +++ b/drivers/mfd/cs42l43.c @@ -722,7 +722,7 @@ static void cs42l43_mcu_load_firmware(const struct firmware *firmware, void *con unsigned int loadaddr, val; int ret; - if (!firmware) { + if (!firmware || firmware->size < sizeof(*hdr)) { dev_err(cs42l43->dev, "Failed to load firmware\n"); cs42l43->firmware_error = -ENODEV; goto err; -- 2.47.3