@@ -40,7 +40,7 @@ static void inftl_add_mtd(struct mtd_blktrans_ops *tr, struct mtd_info *mtd)
if (!mtd_type_is_nand(mtd) || mtd->size > UINT_MAX)
return;
/* OK, this is moderately ugly. But probably safe. Alternatives? */
- if (memcmp(mtd->name, "DiskOnChip", 10))
+ if (strncmp(mtd->name, "DiskOnChip", 10))
return;
if (!mtd->_block_isbad) {
@@ -40,7 +40,7 @@ static void nftl_add_mtd(struct mtd_blktrans_ops *tr, struct mtd_info *mtd)
if (!mtd_type_is_nand(mtd) || mtd->size > UINT_MAX)
return;
/* OK, this is moderately ugly. But probably safe. Alternatives? */
- if (memcmp(mtd->name, "DiskOnChip", 10))
+ if (strncmp(mtd->name, "DiskOnChip", 10))
return;
pr_debug("NFTL: add_mtd for %s\n", mtd->name);
when the length of mtd->name is less than 10, it will hit out-of-bounds issue. OOB log of nftl_add_mtd(): [ 3.918811][ T1] Creating 44 MTD partitions on "1c98000.nand": [ 3.918916][ T1] 0x000000000000-0x000000400000 : "sbl" [ 3.922087][ T1] ================================================================== [ 3.922163][ T1] BUG: KASAN: slab-out-of-bounds in bcmp+0x44/0xe0 [ 3.922263][ T1] Read of size 8 at addr ffffff8003590d00 by task swapper/0/1 [ 3.922384][ T1] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.15.123-debug-g63e58e33b056-dirty #1 [ 3.922484][ T1] Hardware name: XXX [ 3.922557][ T1] Call trace: [ 3.922611][ T1] dump_backtrace+0x0/0x404 [ 3.922699][ T1] show_stack+0x30/0x44 [ 3.922781][ T1] dump_stack_lvl+0x90/0xb0 [ 3.922875][ T1] print_address_description+0x78/0x38c [ 3.922978][ T1] kasan_report+0x184/0x1fc [ 3.923071][ T1] kasan_check_range+0x278/0x2b8 [ 3.923167][ T1] __asan_loadN+0x44/0x54 [ 3.923264][ T1] bcmp+0x44/0xe0 [ 3.923342][ T1] nftl_add_mtd+0xb0/0x384 [ 3.923441][ T1] blktrans_notify_add+0x6c/0xb4 [ 3.923538][ T1] add_mtd_device+0x8f0/0xaec [ 3.923626][ T1] add_mtd_partitions+0x148/0x330 [ 3.923721][ T1] mtd_device_parse_register+0x66c/0x860 [ 3.923813][ T1] msm_nand_probe+0xf74/0x107c [ 3.923897][ T1] platform_probe+0x108/0x168 OOB log of inftl_add_mtd(): [ 3.918811][ T1] Creating 44 MTD partitions on "1c98000.nand": [ 3.918028][ T1] 0x000000000000-0x000000400000 : "sbl" [ 3.921215][ T1] ================================================================== [ 3.921288][ T1] BUG: KASAN: slab-out-of-bounds in bcmp+0x44/0xe0 [ 3.921386][ T1] Read of size 8 at addr ffffff8003593100 by task swapper/0/1 [ 3.921509][ T1] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.15.123-debug-g63e58e33b056 #1 [ 3.921606][ T1] Hardware name: XXX [ 3.921675][ T1] Call trace: [ 3.921728][ T1] dump_backtrace+0x0/0x404 [ 3.921821][ T1] show_stack+0x30/0x44 [ 3.921904][ T1] dump_stack_lvl+0x90/0xb0 [ 3.921999][ T1] print_address_description+0x78/0x38c [ 3.922102][ T1] kasan_report+0x184/0x1fc [ 3.922195][ T1] kasan_check_range+0x278/0x2b8 [ 3.922290][ T1] __asan_loadN+0x44/0x54 [ 3.922388][ T1] bcmp+0x44/0xe0 [ 3.922466][ T1] inftl_add_mtd+0xb0/0x3a8 [ 3.922568][ T1] blktrans_notify_add+0x6c/0xb4 [ 3.922665][ T1] add_mtd_device+0x8f0/0xaec [ 3.922752][ T1] add_mtd_partitions+0x148/0x330 [ 3.922847][ T1] mtd_device_parse_register+0x66c/0x860 [ 3.922940][ T1] msm_nand_probe+0xf74/0x107c [ 3.923024][ T1] platform_probe+0x108/0x168 Signed-off-by: Weimin Xie <quic_weimxie@quicinc.com> --- drivers/mtd/inftlcore.c | 2 +- drivers/mtd/nftlcore.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)