]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c32f1eb) | patch
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
authorXiaolei Wang <xiaolei.wang@windriver.com>
Thu, 25 Aug 2022 11:19:22 +0000 (19:19 +0800)
committerMark Brown <broonie@kernel.org>
Thu, 25 Aug 2022 11:29:26 +0000 (12:29 +0100)
commit78e1e867f44e6bdc72c0e6a2609a3407642fb30b
treef088e67b2335028cd537da06bd49f59f9147c09btree | snapshot
parentc32f1ebfd26bece77141257864ed7b4720da1557commit | diff
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()

The pfuze_chip::regulator_descs is an array of size
PFUZE100_MAX_REGULATOR, the pfuze_chip::pfuze_regulators
is the pointer to the real regulators of a specific device.
The number of real regulator is supposed to be less than
the PFUZE100_MAX_REGULATOR, so we should use the size of
'regulator_num * sizeof(struct pfuze_regulator)' in memcpy().
This fixes the out of bounds access bug reported by KASAN.

Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Link: https://lore.kernel.org/r/20220825111922.1368055-1-xiaolei.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
drivers/regulator/pfuze100-regulator.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.