Hi Rob, On 05/16/18 21:19, [email protected] wrote: > From: Frank Rowand <[email protected]> > > The smatch static checker marks the data in offset as untrusted, > leading it to warn: > > drivers/of/resolver.c:125 update_usages_of_a_phandle_reference() > error: buffer underflow 'prop->value' 's32min-s32max' > > Add check to verify that offset is within the property data. > > Reported-by: Dan Carpenter <[email protected]> > Signed-off-by: Frank Rowand <[email protected]> > --- > drivers/of/resolver.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c > index 65d0b7adfcd4..7edfac6f1914 100644 > --- a/drivers/of/resolver.c > +++ b/drivers/of/resolver.c > @@ -122,6 +122,11 @@ static int update_usages_of_a_phandle_reference(struct > device_node *overlay, > goto err_fail; > } > > + if (offset < 0 || offset + sizeof(__be32) > prop->length) { > + err = -EINVAL; > + goto err_fail; > + } > + > *(__be32 *)(prop->value + offset) = cpu_to_be32(phandle); > } > >
I should have mentioned that this results in a new compile warning for W=2 and W=3. The new if statement results in: drivers/of/resolver.c:125:45: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] There are other pre-existing warnings in the same file for comparing an integer to prop->length. The correct solution is probably to change the type of the length field in struct property to be unsigned. I have added that task to my todo list. -Frank
