[PATCH] power: pfuze100: Ensure loop index is incremented
Tom Rini
trini at konsulko.com
Sat Sep 13 17:51:54 CEST 2025
On Sun, Aug 31, 2025 at 09:35:13AM -0600, Tom Rini wrote:
> On Thu, Jul 03, 2025 at 12:31:50PM +0100, Andrew Goodbody wrote:
>
> > The for loop in se_desc uses i as the loop index and also to cause the
> > loop to end if the passed in name is not found. However i is not
> > incremented which could cause the loop to continue indefinitely and
> > access out of bounds memory.
> > Add an increment of i to ensure that the loop terminates correctly in
> > the case where name is not found.
> >
> > This issue found by Smatch.
> >
> > Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
> > ---
> > drivers/power/regulator/pfuze100.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> I size tested this as part of merging and saw unexpected shrinkage. In
> turn, this got me to look harder at the code and I think the best answer
> is to refactor things so that se_desc(...) follows the normal (Linux
> kernel) pattern of for (i = 0; i < ARRAY_SIZE(desc); i++) instead of
> being passed size. That's I think the root of this confusion too. I'll
> post a patch shortly.

While I really wanted to make this suggested change, I'm just missing
something as to how it should work, and perhaps the better answer is to
rework the caller a bit to handle the check inline? I'm not sure...
--
Tom
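
Added example, not part of the original thread and not the pfuze100 driver code: a bounded name lookup in which the index that ends the loop is actually incremented, plus a call-site macro that supplies the count with ARRAY_SIZE. The struct, table contents, find_desc() and FIND_DESC() are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical descriptor, constructed for this example. */
struct reg_desc {
	const char *name;
	int id;
};

/* Constructed sample table. */
static const struct reg_desc sample_regs[] = {
	{ "alpha", 1 },
	{ "beta",  2 },
	{ "gamma", 3 },
};

/*
 * i is both the array index and the termination condition, so it must
 * advance on every pass. A loop that steps a pointer through the table
 * but never increments i keeps "i < size" true forever, and a name that
 * is not present walks past the end of the array.
 */
static const struct reg_desc *find_desc(const struct reg_desc *desc,
					size_t size, const char *name)
{
	size_t i;

	for (i = 0; i < size; i++) {
		if (!strcmp(desc[i].name, name))
			return &desc[i];
	}
	return NULL;	/* not found: the caller has to check for this */
}

/*
 * ARRAY_SIZE needs the real array type, which a function taking a pointer
 * no longer has, so the count is computed where the table is in scope.
 */
#define FIND_DESC(table, name) find_desc((table), ARRAY_SIZE(table), (name))

int main(void)
{
	const struct reg_desc *hit = FIND_DESC(sample_regs, "gamma");

	return (hit && hit->id == 3 && !FIND_DESC(sample_regs, "missing")) ? 0 : 1;
}
```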