[U-Boot] [PATCH v2 10/13] mmc: Fix read-past-end-of-array
Eugeniu Rosca
roscaeugeniu at gmail.com
Sun Aug 26 23:13:28 UTC 2018
Running "mmc dev 0" on R-Car H3 Salvator-X (CONFIG_UBSAN=y) occasionally
results in:
=> mmc dev 0
=================================================================
UBSAN: Undefined behaviour in drivers/mmc/mmc.c:2233:14
index 7 is out of range for type 'int [4]'
=================================================================
Currently, fbase[] array consists of 4 elements:
-------8<-------
static const int fbase[] = {
10000,
100000,
1000000,
10000000,
};
-------8<-------
Adjust the mask used to compute the fbase[] index accordingly.
Fixes: 272cc70b211e ("Add MMC Framework")
Signed-off-by: Eugeniu Rosca <erosca at de.adit-jv.com>
---
Changes in v2:
- Shorten the summary line
---
drivers/mmc/mmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
index 447519f46f15..01da99edb084 100644
--- a/drivers/mmc/mmc.c
+++ b/drivers/mmc/mmc.c
@@ -2230,7 +2230,7 @@ static int mmc_startup(struct mmc *mmc)
}
/* divide frequency by 10, since the mults are 10x bigger */
- freq = fbase[(cmd.response[0] & 0x7)];
+ freq = fbase[(cmd.response[0] & 0x3)];
mult = multipliers[((cmd.response[0] >> 3) & 0xf)];
mmc->legacy_speed = freq * mult;
--
2.18.0
More information about the U-Boot
mailing list