[PATCH 2/3] usb: musb-new: Limit check array index before use
Andrew Goodbody
andrew.goodbody at linaro.org
Tue Sep 30 17:52:23 CEST 2025
epnum is used as an index into an array. The limit check for this index
should be performed before using it to access an element in the array to
prevent possible bounds overrun.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
---
drivers/usb/musb-new/musb_gadget_ep0.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/musb-new/musb_gadget_ep0.c b/drivers/usb/musb-new/musb_gadget_ep0.c
index ea65326ab6264492ea668ddd047b360965a5ad19..25b1de6e58f9e2028e9b93a600d532ae0f5efcc1 100644
--- a/drivers/usb/musb-new/musb_gadget_ep0.c
+++ b/drivers/usb/musb-new/musb_gadget_ep0.c
@@ -96,6 +96,9 @@ static int service_tx_status_request(
if (!epnum) {
result[0] = 0;
break;
+ } else if (epnum >= MUSB_C_NUM_EPS) {
+ handled = -EINVAL;
+ break;
}
is_in = epnum & USB_DIR_IN;
@@ -107,7 +110,7 @@ static int service_tx_status_request(
}
regs = musb->endpoints[epnum].regs;
- if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
+ if (!ep->desc) {
handled = -EINVAL;
break;
}
--
2.47.3
More information about the U-Boot
mailing list