On Thu, Sep 2, 2021 at 2:44 PM Cosmin-Florin Aluchenesei
wrote:
>
> Changed declarations of line_temp, reg_addr and reg_data arrays in order to
> avoid out-of-bounds write which may be caused by the following writing:
> line_temp[column_cnt] = '\0'; (Increased size from 80 to 81).
>
> Signed-off-by: Cosmin-Florin Aluchenesei
> ---
> drivers/net/phy/in112525.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/phy/in112525.c b/drivers/net/phy/in112525.c
> index 2ce1ab1195..e286fa8f14 100644
> --- a/drivers/net/phy/in112525.c
> +++ b/drivers/net/phy/in112525.c
> @@ -224,9 +224,9 @@ struct phy_device *inphi_phydev;
>
> int in112525_upload_firmware(struct phy_device *phydev)
> {
> - char line_temp[0x50] = {0};
> - char reg_addr[0x50] = {0};
> - char reg_data[0x50] = {0};
> + char line_temp[0x51] = {0};
> + char reg_addr[0x51] = {0};
> + char reg_data[0x51] = {0};
> int i, line_cnt = 0, column_cnt = 0;
> struct in112525_reg_config fw_temp;
> char *addr = NULL;
> --
> 2.21.0
>
We don't have such a driver in U-boot upstream master, which tree are
you using ?
