[PATCH] power: pfuze100: Ensure loop index is incremented

Tom Rini trini at konsulko.com
Sun Aug 31 17:35:13 CEST 2025


On Thu, Jul 03, 2025 at 12:31:50PM +0100, Andrew Goodbody wrote:

> The for loop in se_desc uses i as the loop index and also to cause the
> loop to end if the passed in name is not found. However i is not
> incremented which could cause the loop to continue indefinitely and
> access out of bounds memory.
> Add an increment of i to ensure that the loop terminates correctly in
> the case where name is not found.
> 
> This issue found by Smatch.
> 
> Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
> ---
>  drivers/power/regulator/pfuze100.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

I size tested this as part of merging and saw unexpected shrinkage. In
turn, this got me to look harder at the code and I think the best answer
is to refactor things so that se_desc(...) follows the normal (Linux
kernel) pattern of for (i = 0; i < ARRAY_SIZE(desc); i++) instead of
being passed size. That's I think the root of this confusion too. I'll
post a patch shortly.

-- 
Tom
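
The two fixes discussed in this message, as an added example that is not part of the original post or of the U-Boot driver; the descriptor type, table and function names are hypothetical. It contrasts the minimal fix (increment the index) with a lookup bounded by ARRAY_SIZE() over the table itself.

```c
#include <stddef.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical descriptor type and table, constructed for this example. */
struct reg_desc { const char *name; int reg; };

static const struct reg_desc demo_descs[] = {
	{ "sw1", 0x20 }, { "sw2", 0x35 }, { "vgen1", 0x6c },
};

/*
 * Loop shape the commit message describes (constructed, not run here):
 *	for (i = 0; i < size; desc++) { ...compare desc->name... }
 * i never changes, so a missing name walks desc past the table.
 */

/* Minimal fix: increment the index so "i < size" can become false. */
static const struct reg_desc *find_desc_sized(const struct reg_desc *desc,
					      size_t size, const char *name)
{
	size_t i;

	for (i = 0; i < size; i++, desc++)
		if (!strcmp(desc->name, name))
			return desc;
	return NULL;
}

/* Refactor: the table is in scope, so the bound comes from ARRAY_SIZE()
 * and no caller can pass a size that disagrees with the array. */
static const struct reg_desc *find_demo_desc(const char *name)
{
	size_t i;

	for (i = 0; i < ARRAY_SIZE(demo_descs); i++)
		if (!strcmp(demo_descs[i].name, name))
			return &demo_descs[i];
	return NULL;
}

int main(void)
{
	/* A name that is absent must end the loop and yield NULL. */
	return (find_demo_desc("nope") == NULL &&
		find_desc_sized(demo_descs, ARRAY_SIZE(demo_descs), "nope") == NULL) ? 0 : 1;
}
```

ARRAY_SIZE() only gives the element count where the array itself is visible; applied to a pointer parameter it would compute the wrong bound, which is why the second form drops the pointer-plus-size interface.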