From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753332AbcFBMfV (ORCPT ); Thu, 2 Jun 2016 08:35:21 -0400 Received: from mail-bn1bon0077.outbound.protection.outlook.com ([157.56.111.77]:48064 "EHLO na01-bn1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751772AbcFBMfP (ORCPT ); Thu, 2 Jun 2016 08:35:15 -0400 X-Greylist: delayed 5555 seconds by postgrey-1.27 at vger.kernel.org; Thu, 02 Jun 2016 08:35:15 EDT Authentication-Results: spf=pass (sender IP is 137.71.25.55) smtp.mailfrom=analog.com; kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=bestguesspass action=none header.from=analog.com; Reply-To: Subject: Re: [PATCH] iio: dac: fix off-by-one comparison and out-of-bounds write References: <1464861990-9155-1-git-send-email-colin.king@canonical.com> To: Colin King , Lars-Peter Clausen , Jonathan Cameron , Hartmut Knaack , Peter Meerwald-Stadler , CC: From: Michael Hennerich Organization: Analog Devices Inc. Message-ID: <57501038.1070207@analog.com> Date: Thu, 2 Jun 2016 12:53:44 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: <1464861990-9155-1-git-send-email-colin.king@canonical.com> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:137.71.25.55;IPV:NLI;CTRY:US;EFV:NLI;SFV:NSPM;SFS:(10009020)(6009001)(2980300002)(438002)(377454003)(24454002)(189002)(199003)(76176999)(77096005)(86362001)(53806999)(54356999)(19580405001)(87266999)(230783001)(50986999)(83506001)(59896002)(2950100001)(11100500001)(19580395003)(117636001)(5008740100001)(43066003)(87936001)(65816999)(6806005)(5001970100001)(5001770100001)(2870700001)(586003)(4326007)(4001350100001)(3450700001)(122286003)(189998001)(23746002)(106466001)(8936002)(47776003)(50466002)(65806001)(65956001)(8676002)(36756003)(8666004)(2906002)(7059030)(62816006);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3PR0301MB1313;H:nwd2mta1.analog.com;FPR:;SPF:Pass;MLV:sfv;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;BY2FFO11OLC006;1:JcP5scSLOnqyNFttwhbsWHFNOFkcMFfWkKXqYMYe5m2Ss+KRWTnT4/tB5N3nOB8ide7RCnFv3kwuc7TXlpjri6hBnrgSsh4qtSXSiLGrFta0WcHYfKNtfqLizteDOk3OGL3EEGOh1AcNFQcFbl0/uicmsOLEyzX+SdauUI6nE4ZSVbDICarIyPnSd+89ljmXTzi/oTQEYoT9QGSKoJiPnSrryftMUhHMS4KzzYjZdlRVWHex3p0b4+D8nZLyfgVA/Z13uVane8xaeHotnBLFpE2JJ3SrK2EvNqQOwvSGiiOj7RCohUN2VBZUhL2t5ICTsXNHKRA7wzu3CC46V64vl2Y7rnpRWrsW+kYlPL9t7IGKNBoPn9lNVjPhHoRreTTCXsjb4y7pyGijECYEuKcSjIhebRBSD2KiSwPIW4MV6KbBKOG8xY7SJD+TCwtzUOvrXG168j67octlBRfUv76VrYkwQLUgtm196b+i0mj8BOmTlaWPtjWDGIBbphvr+pbtYZo11EG82TAzozcWRN6vd6wlT0EurniCQW3E6Bm912iHPgN8sSxWeZg56it3ok2L X-MS-Office365-Filtering-Correlation-Id: 82b1020b-dc70-47ac-acda-08d38ad56816 X-Microsoft-Exchange-Diagnostics: 1;BN3PR0301MB1313;2:UbuQXQKwCmHWfg0fEvRewnNHzEFcfhWd6rscd2IFmsJRjDdQ7e74AYPyCBdcncZ7eJrwX17RGyW60L7CsXKT7inDh7OWdbsD13f87qvnqxRo//wiKLGNtapOeCQcW/bvaICvonhOoTFgEqyZbpKcbrx16eRAhMMvo/I5EV9rHu09sVaeSz1JmQUt+oeECBtL;3:wOQo5aXTUEmllw/n36sQUORhFAnHv2LEX0/nqsHhTxjzwyJmy3TZoEvPhZgaDVYy1++sbXhtksjtl+5WOQDOoGxylglLAyV/r1tg09AwrdqJ3c8YJ27IOixSO0xz1RruYPEeYRUfrPKgZH5LdxCObQ6kWU7GCQtkQfKyHD42Q04pfGSV8J4wd1/vR5l/T1kggtCvlD/kxAaSbRvhBqqMPHPyjinwxp6O8b2Lbx5VjtuKulJnYxr+kzPoOoRvIysem5cZEDiY9fQ/4IrW5u8TAw== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(8251501002);SRVR:BN3PR0301MB1313; X-Microsoft-Exchange-Diagnostics: 1;BN3PR0301MB1313;25:GcJrArFHjKvY+gIf/GC4LKOOElG/cTlnm4YU1wQTJK9brRsHNtOcY2gmO2ZZPb0iw1aSbTT01+bRZmRyNcY1QMpSFbubxwUOpSFY3ZGQt5zphCTFG0pPuAKIKcE+h3IqqFNE85m1ocWZcB7OxQ53a8LTibZMYUSa6sPTH2yOrgJxkFATm5n0A/2f6BFwrY69OveqUm71UTKmPLjc1/DLsXh5Cb0NG5+YjPM3SPwK4BgwfzSBFe3VlB8KMaS5le7Rs7tbgv2QKQSZ1WYux0ECVqBOGfOTrYy4q+v3fjVOettaVL3sPBpGZ9Jbz4yUibVi36Lt5EIG0HgRZ7hfeGEUSBkDhoQ4d0kWjEKYa/v1pDZGTTjtDINoV8FALkWC1CLcdIfBXV7n4Wh+XS6PZTHf8NJVHa1RbJwHzzz3rHWL6Vjs1IcXhtHb6A3lCBLogdEBliv+8/e/PKSUdWGqjGSvkOc5eVnHSPeoSutJGKBwiea7muukFsedygRxdLK93mUyy34ZsAmnO2n7TpPP5fLQUNB/7I6ZWZBWlzLn7iB9pl1YXyL1cWeoYre+uJguLu4HdGaQjS9hLOo3bRiSNW0FwWxYo2VzzmVhn2IoYvIhZD0hMNUh5zoioyPJjNuRvQZ7ugD5WUWHMj38gYpZm9uI8XUQeSbIGGjtswqNbkzh17TxjQFAa7deTKUUlprYkKFbsjhy4bqFczVQj4oIoPJc1MsvEJMHuSxyTVeBav79K393VSoaaFZhZJXqlWxrA9VD X-Microsoft-Exchange-Diagnostics: 1;BN3PR0301MB1313;20:ii8a812TFnWnYiLFdT4YoOR2b7yi/kuHqoVydrOtis9z8MMMvn3xDinEXWpfMgY5Y0/ZFz6wk6bAwJwFpeQ5ybFHYopDEDPhNDaTW153iZcEEv7V/S5X28m+BrjK9qbSFQV2lzdz3iAMSN90K8CiBDYoGJ6IzFh5MlOhrzrwLUQtQxDrJ/8EjX9h45mDKQZckC/nqpNOHwXoy/NlOj4QY2PObWQ0BDEEtVsTWghGZL1ODcKitzWOD5L8KGdDDYNnB/7nygjt8U7dX+mh0jx7B1F08Qb3DumS6SK3dHss+98gaH12JZsZ17NHJkRu1tVTIAitATcBTGeA6CONF305+UlPY68Ifb7oRw+lArOTB4jHEeXM5F+4V1xxiIhWCk1C5caLyiRhrS7ui+lRrCK4cJ9wUDebp3eoHZ5kLbOQrr2CnbsQBPtjnYVfKxYceUSmTLfzo/l36TsGgMpTpiydBi1W1Se0jdSLnfZ0jDmUewvxVySThqU2I3UIqntFB/Mk X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(232431446821674)(198206253151910); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(13015025)(13018025)(13017025)(5005006)(13023025)(13024025)(8121501046)(3002001)(10201501046)(6055026);SRVR:BN3PR0301MB1313;BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB1313; X-Microsoft-Exchange-Diagnostics: 1;BN3PR0301MB1313;4:nIMO3k41QMVbxtrr4KImJSf+yPWb7JIKMSS8aV5LTAr02p5iHmtjhZ6tY+0n9s2/iJJx0WIAQkr+5H2aaCWvYoCS58JXpkxZOIcIla3dhYtLEGo4gTMnj7ncWCjOuk8Xfc+/oLtBceAwIwxL9UAOlzpJZ87FRMh3fHizL+akAywtC6JRY6SPnj6JFmfIsgnTVF/uyQLUAESBerOOcN926W8Q7UpW/5h4uicBhEXwyQmr0uOA77ayHDUq5TYTpHWbX6jqWCBi9r2eqRtecsvn21iQUZFEsw5fjd6k5MS0Qo2oNjRoDhBUUpjjPdrww4BVam06xqDEYMibnJJ25Spn4t/n/gJi/EcyCVnUJ6Jzdkm4LYGCubHymGGR6rf3u4G+fef3vNqJ0fCAQnl+BuuDOpFnV29yTJfIHhscXVoMMuCl1Efh49oRs4UgS/akWfB/bPKeSgUW8lxORbXeM9zOTNgH/ZaGwhKg+viW7JrHjoF+9kFSoiTglTSdTiaTafHNZb2s+Yc4W/19gy+jFHyHNYNYfeS7Qpqxe1BWWqTL3SGa390Fu4tPyHF8yR62GKpW X-Forefront-PRVS: 0961DF5286 X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;BN3PR0301MB1313;23:MpBpXWprFyrtKipPA9FVeOeo9ZGtII/fA2L?= =?Windows-1252?Q?4ySajuy+rlTYiWIRDuWeYxfODAv/+cvmYcXkR79hPGjykTpobWQ8ZRPL?= =?Windows-1252?Q?q4MwdObbkBHgBQEwaguykSEPbrTeZpqyWUEXfyjenYWZD2+cJqCh5GIr?= =?Windows-1252?Q?EK1r4h1vTd+HRe1/gcyt2xxGvbvvublaf58GaCuAGRRsfzO+TL/Ljh+g?= =?Windows-1252?Q?IbNE9iiZk8RHVrZN9SYbnG/KM3FVqHbppObApExufSaW6BImnlsP6Qcw?= =?Windows-1252?Q?JNp7MWnWBhtsMhYlAyNz7tOWuQVQfwst9W9hGcy2DKJsbQpfGzeRbidu?= =?Windows-1252?Q?7rr6syiZxWzrgAyfiS7J4ahxlXlofX8iRaF9w4ZNzaUo9J8Rn1ZgJy+i?= =?Windows-1252?Q?TvGs1ajO6HhxPDwKVK93AEHIy48tfSxhPI28KiPKGNKZXBRvwSfTxrLc?= =?Windows-1252?Q?pCJ1XH02uquPUkKxRYBduUjeuosNf3yH5lVHX8PhlAYSzHUHNF3XSMWT?= =?Windows-1252?Q?LAl1oc4H8EfN452Tpnkwxg7ZYTmKWwKhPcPi8qgpa+tLug+zmz3aqNG/?= =?Windows-1252?Q?NLy+sPF9KWA6wmClqWMacQ/mNPf0o3po9aG4szBgoqIQ6WvkbdXUbLnW?= =?Windows-1252?Q?3wWTXm1wer04O76UjbPqadtTP+r+24xFR7Rw4ttZYRWGh3DgeFZxpQyx?= =?Windows-1252?Q?wrAzEdoq3EJI6mjJLreGOZHB4yy0c1HF5WZkcL75Mqlub0/dBwyNZsET?= =?Windows-1252?Q?eewAOzS+zVh/j6QmDOiGT8jiT14NsFXUTHiOfPxTnmjw8ZJJyyhC6Xqd?= =?Windows-1252?Q?QJqBtmD66/DUe5zOvn9hcCVk7sHM5V+nLkXnHvw5PhT8GM+Yg+zOsPls?= =?Windows-1252?Q?ubV14gHPU46sU7dzKGkt0gQKk8qvQ9D0F7Vc6+MF1cYLdqUH2lsFquhV?= =?Windows-1252?Q?u187ZwUH3dqCLEmEi+MxULez7F8j7aBzqvl54PWW7vQLq+MB3BTmRKwa?= =?Windows-1252?Q?UoR3/oebQ+Lm08yX5uXEqE8cCL4OfNGZIU782DpR0cevjgXzB3qD+rHT?= =?Windows-1252?Q?yI74buLLQvOnrFyXg4LLSaWlgIFdvcL2ri+yQpIQTvAyN+DwHdrqqygr?= =?Windows-1252?Q?2QTy1q6LMiNXJFjQvWCvOB5CL1BDmgn9KXGLCD/q2B/m7uWFLKXy7NRm?= =?Windows-1252?Q?GyYTa8WWTolch7vM1HG75+pgmVP1I5kG3+bZrgc8aSycYUqeTrf84b6/?= =?Windows-1252?Q?+mvlA5zB0IoYV+n2FN5mbfVAlHvmWhkdJEnXGjFJkiunwypUPssgevZy?= =?Windows-1252?Q?IS4JiH3lJkUAzNWnC4ZlEaFGAE+VFbRxfB2rVRo9pHAEQ5A8=3D?= X-Microsoft-Exchange-Diagnostics: 1;BN3PR0301MB1313;5:/WbIU6iG17NhAH7n7epYCL7qeszehNuPBkjzi4Uy06yZ1qDNoHbs5Ad0Yl/RYqsXHKxavKWJrcEJJDIb1Ich9lB51uqQYmYzKoptnNmQWH3GQXUfIj5g7XQjANYpNwntdCfdDUbX0NaxSn4BSz3WfA==;24:Fv7m+Jji87Ra4f7taaKLU5SP7eTAkzo/Rx+WVon+t1dt/6kJ7Mut/mY/Rj0gGiuzZY4EI/aSANbYktb6VRTSM3a1Feo0inq609vA+ihFh7Y=;7:2ZkaUtJKg8mlgtSBGARKvi9rH/yzm9W/1VkoDfiP22r0O1YgB3vYZpJEbOkDwa9WTtSFE9hRBhL1YF4CCQsq+btr9GOdgddi5JRXQ8bxUcc3DBRtI3z7Thj9YIEbM+rCiz5CIviKE80PTGWPayFj85NlylhiHfm1kSc/T86OnGQVfxHiXBQX4f+Gu02BygRc SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: analog.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jun 2016 11:02:36.5235 (UTC) X-MS-Exchange-CrossTenant-Id: eaa689b4-8f87-40e0-9c6f-7228de4d754a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=eaa689b4-8f87-40e0-9c6f-7228de4d754a;Ip=[137.71.25.55];Helo=[nwd2mta1.analog.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1313 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/02/2016 12:06 PM, Colin King wrote: > From: Colin Ian King > > The check on reg is off-by-one, it should be >= rather than >. Fix > this to stop an out-of-bounds write to st->channel_modes[reg]. > > Signed-off-by: Colin Ian King Acked-by: Michael Hennerich > --- > drivers/iio/dac/ad5592r-base.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/iio/dac/ad5592r-base.c b/drivers/iio/dac/ad5592r-base.c > index 948f600..69bde59 100644 > --- a/drivers/iio/dac/ad5592r-base.c > +++ b/drivers/iio/dac/ad5592r-base.c > @@ -525,7 +525,7 @@ static int ad5592r_alloc_channels(struct ad5592r_state *st) > > device_for_each_child_node(st->dev, child) { > ret = fwnode_property_read_u32(child, "reg", ®); > - if (ret || reg > ARRAY_SIZE(st->channel_modes)) > + if (ret || reg >= ARRAY_SIZE(st->channel_modes)) > continue; > > ret = fwnode_property_read_u32(child, "adi,mode", &tmp); > -- Greetings, Michael -- Analog Devices GmbH Otl-Aicher Strasse 60-64 80807 München Sitz der Gesellschaft München, Registergericht München HRB 40368, Geschäftsführer: Peter Kolberg, Ali Raza Husain, Eileen Wynne