On Sun, Feb 13, 2022 at 03:17:27PM +0100, Theo Buehler wrote:
> On Sun, Feb 13, 2022 at 02:30:21PM +0100, Tobias Heider wrote:
> > OF_getproplen() will return -1 if "reset-gpios" is not found which
> > currently causes a panic:
> >
> > panic: malloc: allocation too large, type = 2, size = 4294967295
> >
> > Below is a fix.
>
> There are more of these:
>
> dev/ofw/ofw_regulator.c:336: if ((glen = OF_getproplen(node, "gpios")) <=
> 0)
> dev/ofw/ofw_regulator.c:338: if ((slen = OF_getproplen(node, "states")) <=
> 0)
> dev/ofw/ofw_regulator.c:401: if ((glen = OF_getproplen(node, "gpios")) <=
> 0)
> dev/ofw/ofw_regulator.c:403: if ((slen = OF_getproplen(node, "states")) <=
> 0)
>
> where glen and slen are size_t and
>
> arch/sparc64/sparc64/pmap.c:806: sz = OF_getproplen(memh, "available")
> + sizeof(struct mem_region);
>
> with a size_t sz.
another in imxspi
Index: imxspi.c
===================================================================
RCS file: /cvs/src/sys/dev/fdt/imxspi.c,v
retrieving revision 1.3
diff -u -p -r1.3 imxspi.c
--- imxspi.c 31 Oct 2021 15:12:00 -0000 1.3
+++ imxspi.c 13 Feb 2022 14:21:01 -0000
@@ -91,7 +91,7 @@ struct imxspi_softc {
int sc_node;
uint32_t *sc_gpio;
- size_t sc_gpiolen;
+ int sc_gpiolen;
struct rwlock sc_buslock;
struct spi_controller sc_tag;
@@ -179,7 +179,7 @@ imxspi_attachhook(struct device *self)
clock_enable(sc->sc_node, NULL);
sc->sc_gpiolen = OF_getproplen(sc->sc_node, "cs-gpios");
- if (sc->sc_gpiolen) {
+ if (sc->sc_gpiolen > 0) {
sc->sc_gpio = malloc(sc->sc_gpiolen, M_DEVBUF, M_WAITOK);
OF_getpropintarray(sc->sc_node, "cs-gpios",
sc->sc_gpio, sc->sc_gpiolen);
