Smatch error report in drivers/misc/imx_ele/fuse.c
Andrew Goodbody
andrew.goodbody at linaro.org
Tue Aug 5 12:15:41 CEST 2025
On 05/08/2025 04:44, Peng Fan wrote:
> On Tue, Jul 29, 2025 at 12:18:39PM +0100, Andrew Goodbody wrote:
>> Smatch reports the following error.
>>
>> drivers/misc/imx_ele/fuse.c:218 fuse_sense() error: buffer overflow 'data' 4
>> <= 7
>>
>> Looking at the code I can see that at line 198, word is checked to be less
>> than 8. Later at line 203 data is declared as a 4 element array. Then at line
>> 218 word is used to index into data which means a possible out of bounds
>> access if word >=4.
>>
>> There seems little point in increasing the array size of data as
>> ele_read_common_fuse will only ever read into the first 4 elements of the
>> array.
>>
>> So I am not sure what the correct fix is here. Is there any guarantee that
>> word will be < 4 in the case of word_index == 1? Or should this be an
>> additional check?
>
> In ele_api_mapping_table, OTP_UNIQ_ID is already limited to 4 as max,
> so no issue.
Ah, that's good. Thanks for checking and explaining.
Andrew
> Thanks,
> Peng
>
>>
>> Thanks,
>> Andrew
More information about the U-Boot
mailing list