[PATCH] IOMUX: Fix access past end of console_devices

Sean Anderson seanga2 at gmail.com
Wed Mar 30 19:25:59 CEST 2022


On 3/30/22 1:13 PM, Andy Shevchenko wrote:
> On Wed, Mar 30, 2022 at 7:49 PM Sean Anderson <seanga2 at gmail.com> wrote:
> 
> Also I don't like to have workarounds for the broken tools.
> But if you still want to have something, what about rather this
> 
>>   #define for_each_console_dev(i, file, dev)             \
>> -       for (i = 0, dev = console_devices[file][i];     \
>> -            i < cd_count[file];                        \
>> -            i++, dev = console_devices[file][i])
>> +       for (i = 0; i < cd_count[file] &&               \
>> +               (dev = console_devices[file][i]); i++)
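
Review bot: The condition on the two added lines also ends the loop at the first NULL entry, because (dev = console_devices[file][i]) is tested for truth together with i < cd_count[file], whereas the removed loop visited every index below cd_count[file] whatever the pointer value. If a NULL slot can ever sit below cd_count[file], the devices after it are silently skipped. Either add a comment above the macro stating that entries below the count are never NULL, or keep the assignment out of the truth test, for example with (dev = console_devices[file][i], 1).
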
> 
>         for (i = 0, dev = console_devices[file][0];     \
>              i < cd_count[file];                        \
>              i++, dev = console_devices[file][i])
> 
> ?
> 
> Or if it still complains
> 
>         for (i = 0, dev = cd_count[file] ? console_devices[file][0] : NULL;     \
>              i < cd_count[file];                        \
>              i++, dev = console_devices[file][i])
> 
> ?
> 

The problem is not the first assignment but the last. Consider the case when cd_count[file] = 1

i = 0, dev = console_devices[file][0]; // OK
i < cd_count[file] // 0 < 1
// loop body
i++, dev = console_devices[file][1] // Oops, past the end
i < cd_count[file] // 1 < 1, loop exit

--Sean
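
The trace above, as an added example that is not part of the original message or of U-Boot's code: both loop shapes run over an instrumented table and report the highest index each one reads. read_slot(), highest_index_read() and the oversized MAX_DEVS table are assumptions made for the demo, so the stray read can be observed without leaving the array.

```c
#include <stdio.h>

#define MAX_DEVS 4	/* oversized on purpose (assumption): stray read stays in bounds */
struct stdio_dev { const char *name; };	/* minimal stand-in type */

static struct stdio_dev serial = { "serial" };	/* constructed sample device */
static struct stdio_dev *console_devices[1][MAX_DEVS] = { { &serial } };
static int cd_count[1] = { 1 };			/* exactly one valid entry */
static int max_index_read;			/* highest slot a loop touched */

/* Hypothetical helper: read console_devices[file][i] and record the index. */
static struct stdio_dev *read_slot(int file, int i)
{
	if (i > max_index_read)
		max_index_read = i;
	return console_devices[file][i];
}

/* Loop shape before the patch: the increment clause loads slot i + 1. */
#define for_each_console_dev_old(i, file, dev)		\
	for (i = 0, dev = read_slot(file, i);		\
	     i < cd_count[file];			\
	     i++, dev = read_slot(file, i))

/* Loop shape from the patch: the load happens only after the bound check. */
#define for_each_console_dev_new(i, file, dev)		\
	for (i = 0; i < cd_count[file] &&		\
		(dev = read_slot(file, i)); i++)

/* Run one loop shape over file 0 and return the highest index it read. */
int highest_index_read(int use_new)
{
	struct stdio_dev *dev = NULL;
	int i;

	max_index_read = -1;
	if (use_new) {
		for_each_console_dev_new(i, 0, dev)
			puts(dev->name);
	} else {
		for_each_console_dev_old(i, 0, dev)
			puts(dev->name);
	}
	return max_index_read;
}
int main(void)
{
	printf("old: %d, new: %d\n", highest_index_read(0), highest_index_read(1));
	return 0;
}
```

With cd_count[file] = 1 the old shape reports index 1 and the patched shape reports index 0, matching the trace.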

