Hi Patrick
On 9/9/20 6:28 PM, Patrick Delaunay wrote:
> Add test on the size of ofnode_phandle_args result to avoid access
> to uninitialized elements in args[] field.
>
> This patch avoids the issue when gpio-ranges cell size is not 3 as
> expected, for example:
> gpio-ranges = <&pinctrl 0>;
> instead of
> gpio-ranges = <&pinctrl 0 112 16>;
>
> Signed-off-by: Patrick Delaunay <patrick.delau...@st.com>
> ---
>
> drivers/gpio/stm32_gpio.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpio/stm32_gpio.c b/drivers/gpio/stm32_gpio.c
> index aa70b1d2a9..473e364796 100644
> --- a/drivers/gpio/stm32_gpio.c
> +++ b/drivers/gpio/stm32_gpio.c
> @@ -295,6 +295,9 @@ static int gpio_stm32_probe(struct udevice *dev)
> ret = dev_read_phandle_with_args(dev, "gpio-ranges",
> NULL, 3, i, &args);
>
> + if (!ret && args.args_count < 3)
> + return -EINVAL;
> +
> if (ret == -ENOENT) {
> uc_priv->gpio_count = STM32_GPIOS_PER_BANK;
> priv->gpio_range = GENMASK(STM32_GPIOS_PER_BANK - 1, 0);
> @@ -308,6 +311,8 @@ static int gpio_stm32_probe(struct udevice *dev)
>
> ret = dev_read_phandle_with_args(dev, "gpio-ranges", NULL, 3,
> ++i, &args);
> + if (!ret && args.args_count < 3)
> + return -EINVAL;
> }
>
> dev_dbg(dev, "addr = 0x%p bank_name = %s gpio_count = %d gpio_range =
> 0x%x\n",
Reviewed-by: Patrice Chotard <patrice.chot...@st.com>
Thanks
