[U-Boot] [PATCH 1/8] log: Fix incorect range check in log_get_cat_name()
Heinrich Schuchardt
xypron.glpk at gmx.de
Sat Jun 9 19:28:31 UTC 2018
On 06/09/2018 08:22 PM, Simon Glass wrote:
> This allows access to an element after the end of the array. Fix it.
>
> Reported-by: Coverity (CID: 173279)
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
>
> common/log.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/common/log.c b/common/log.c
> index 3b5588ebe7..4e488eca5b 100644
> --- a/common/log.c
> +++ b/common/log.c
> @@ -38,7 +38,7 @@ static const char *log_level_name[LOGL_COUNT] = {
>
> const char *log_get_cat_name(enum log_category_t cat)
> {
> - if (cat > LOGC_COUNT)
> + if (cat >= LOGC_COUNT)
> return "invalid";
> if (cat >= LOGC_NONE)
> return log_cat_name[cat - LOGC_NONE];
>
Please, consider all possible values of cat:
enums can take negative values or be an invalid uclass id. The function
terminates with
return uclass_get_name((enum uclass_id)cat);
This statement will return NULL if cat does not refer to an installed
uclass driver but above you decided that in case of an error you want to
return "invalid". This looks inconsistent to me.
Best regards
Heinrich
More information about the U-Boot
mailing list