diff options
| author | Seung-Woo Kim <sw0312.kim@samsung.com> | 2015-09-01 16:42:44 +0900 |
|---|---|---|
| committer | Seung-Woo Kim <sw0312.kim@samsung.com> | 2016-12-14 13:47:58 +0900 |
| commit | dc534ccb2693323e64c846b86e2e017a11b3ccf8 (patch) | |
| tree | 2fb38a4bfccc90fcd45605127d97dac0e71d06b1 /drivers/extcon | |
| parent | 276885f968105a25c0ea4e0580d09c2a82da8aed (diff) | |
extcon: max77843: add guard element in array
This patch adds guard element in cable array to check last element.
This fixes following out of bounds access:
==================================================================
BUG: KASan: out of bounds access in extcon_dev_register+0xc0/0x978 at addr ffffffc001bcc440
Read of size 8 by task swapper/0/1
page:ffffffbdc086f300 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x400(reserved)
page dumped because: kasan: bad access detected
Address belongs to variable max77843_extcon_cable+0x60/0xf00
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.1.0-00839-gb91c2a6-dirty #3
Hardware name: Samsung TM2 board (DT)
Call trace:
[<ffffffc00008bc58>] dump_backtrace+0x0/0x1d8
[<ffffffc00008be40>] show_stack+0x10/0x20
[<ffffffc000eee3a4>] dump_stack+0x80/0xd4
[<ffffffc00021e4f0>] kasan_report_error+0x3e0/0x408
[<ffffffc00021e9ec>] kasan_report+0x44/0x50
[<ffffffc00021d2dc>] __asan_load8+0x94/0xb0
[<ffffffc000a78904>] extcon_dev_register+0xbc/0x978
[<ffffffc000a791f8>] devm_extcon_dev_register+0x38/0x90
[<ffffffc000a7cab8>] max77843_muic_probe+0x1e0/0x5f0
[<ffffffc0006dc724>] platform_drv_probe+0x64/0xf8
[<ffffffc0006d9ae8>] driver_probe_device+0x1f0/0x3a8
[<ffffffc0006d9de0>] __driver_attach+0xc8/0xd0
[<ffffffc0006d6fac>] bus_for_each_dev+0xd4/0x138
[<ffffffc0006d932c>] driver_attach+0x2c/0x40
[<ffffffc0006d8dfc>] bus_add_driver+0x214/0x2e8
[<ffffffc0006dab40>] driver_register+0xb0/0x1c0
[<ffffffc0006dc618>] __platform_driver_register+0xa8/0xb8
[<ffffffc00179f6c0>] max77843_muic_init+0x14/0x20
[<ffffffc000082ae4>] do_one_initcall+0xec/0x240
[<ffffffc001755e50>] kernel_init_freeable+0x288/0x330
[<ffffffc000eeab1c>] kernel_init+0xc/0xf0
Memory state around the buggy address:
ffffffc001bcc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc001bcc380: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
>ffffffc001bcc400: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
^
ffffffc001bcc480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc001bcc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Diffstat (limited to 'drivers/extcon')
| -rw-r--r-- | drivers/extcon/extcon-max77843.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/extcon/extcon-max77843.c b/drivers/extcon/extcon-max77843.c index 85d4e200324b..f6fcaeb4b067 100644 --- a/drivers/extcon/extcon-max77843.c +++ b/drivers/extcon/extcon-max77843.c @@ -149,6 +149,7 @@ static const char *max77843_extcon_cable[] = { [MAX77843_CABLE_JIG_USB_OFF] = "JIG-USB-OFF", [MAX77843_CABLE_JIG_UART_ON] = "JIG-UART-ON", [MAX77843_CABLE_JIG_UART_OFF] = "JIG-UART-OFF", + NULL, }; struct max77843_muic_irq { |