[PATCH] IOMUX: Fix access past end of console_devices
Sean Anderson
seanga2 at gmail.com
Wed Mar 30 19:05:52 CEST 2022
On 3/30/22 1:01 PM, Andy Shevchenko wrote:
> On Wed, Mar 30, 2022 at 7:49 PM Sean Anderson <seanga2 at gmail.com> wrote:
>>
>> We should only access console_devices[file][i] once we have checked that
>> i < cd_count[file]. Otherwise, we will access uninitialized memory at the end of
>> the loop. console_devices[file][i] should not be NULL, but putting the
>> assignment in the loop condition allows us to ensure that i is checked
>> beforehand. This isn't a bug, but it does make valgrind stop complaining.
>
>> Fixes: 400797cad3 ("IOMUX: Split out for_each_console_dev() helper macro")
>
> Has this been tested? See below.
Yes.
> ...
>
>> #define for_each_console_dev(i, file, dev) \
>> - for (i = 0, dev = console_devices[file][i]; \
>
> When we enter the loop, the dev is assigned and perhaps valid
>
>> - i < cd_count[file]; \
>> - i++, dev = console_devices[file][i])
>> + for (i = 0; i < cd_count[file] && \
>
> Not the case anymore.
The loop condition is evaluated before we enter the loop,
which includes the first assignment to dev.
--Sean
>> + (dev = console_devices[file][i]); i++)
>
>
>
More information about the U-Boot
mailing list