Message ID | 20210212154717.362233-1-mbriand@witekio.com |
---|---|
State | Not Applicable |
Delegated to: | Ambarus Tudor |
Headers | show |
Series | mtd: spi-nor: sfdp: Fix out of bound array access | expand |
On 12/02/21 04:47PM, Mathieu Dubois-Briand wrote: > Fix array index: explicitly use the array length to access the last > element, instead of an incorrectly set iteration variable. > > It seems this code was correct before following commit, were the > iteration counter is reused, leading to a value that may be out of > bound. > Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate > current map conf") > > Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> > --- > drivers/mtd/spi-nor/sfdp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c > index 6ee7719e5903..11cc5d19e286 100644 > --- a/drivers/mtd/spi-nor/sfdp.c > +++ b/drivers/mtd/spi-nor/sfdp.c > @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor, > if (!(regions_erase_type & BIT(erase[i].idx))) > spi_nor_set_erase_type(&erase[i], 0, 0xFF); > > - spi_nor_region_mark_end(®ion[i - 1]); > + spi_nor_region_mark_end(®ion[region_count - 1]); I'm not too familiar with the non-uniform erase code but this looks good at first look. Small nitpick: move this line just after the above for loop that initializes this array. > > return 0; > } > -- > 2.25.1 > > > ______________________________________________________ > Linux MTD discussion mailing list > http://lists.infradead.org/mailman/listinfo/linux-mtd/
Hi, I just came across this commit (9166f4af32db) in spi-nor/for-5.12: https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3. So I believe this patch isn't needed anymore. Thanks, Mathieu
On 2/19/21 9:50 AM, Mathieu Dubois-Briand wrote: > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe > > Hi, > > I just came across this commit (9166f4af32db) in spi-nor/for-5.12: > https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git/commit/?h=spi-nor/for-5.12&id=9166f4af32db74e1544a2149aef231ff24515ea3. > > So I believe this patch isn't needed anymore. > That's true. Thanks, ta
diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c index 6ee7719e5903..11cc5d19e286 100644 --- a/drivers/mtd/spi-nor/sfdp.c +++ b/drivers/mtd/spi-nor/sfdp.c @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor, if (!(regions_erase_type & BIT(erase[i].idx))) spi_nor_set_erase_type(&erase[i], 0, 0xFF); - spi_nor_region_mark_end(®ion[i - 1]); + spi_nor_region_mark_end(®ion[region_count - 1]); return 0; }
Fix array index: explicitly use the array length to access the last element, instead of an incorrectly set iteration variable. It seems this code was correct before following commit, were the iteration counter is reused, leading to a value that may be out of bound. Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate current map conf") Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com> --- drivers/mtd/spi-nor/sfdp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)