diff options
| author | Seung-Woo Kim <sw0312.kim@samsung.com> | 2015-09-01 17:21:01 +0900 |
|---|---|---|
| committer | Seung-Woo Kim <sw0312.kim@samsung.com> | 2016-12-14 13:48:00 +0900 |
| commit | aba4f7ac70712a453fb5070159c7742c951e46a0 (patch) | |
| tree | 4724003804c2dd8d12cb68c41496caabde624cc2 /drivers/media | |
| parent | 86c169126c2da28b98e0776c65a2ce2eb53e639e (diff) | |
fimc-is: 6d1: add sentinel element to id table
This patch adds sentinel element to id table to fix following out
of bounds access:
==================================================================
BUG: KASan: out of bounds access in i2c_device_match+0xcc/0xf0 at addr ffffffc00120ee80
Read of size 1 by task swapper/0/1
page:ffffffbdc0848380 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x400(reserved)
page dumped because: kasan: bad access detected
Address belongs to variable sensor_6d1_idt+0x20/0x40
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.1.0-00839-gb91c2a6-dirty #3
Hardware name: Samsung TM2 board (DT)
Call trace:
[<ffffffc00008bc58>] dump_backtrace+0x0/0x1d8
[<ffffffc00008be40>] show_stack+0x10/0x20
[<ffffffc000eee3a4>] dump_stack+0x80/0xd4
[<ffffffc00021e4f0>] kasan_report_error+0x3e0/0x408
[<ffffffc00021e9ec>] kasan_report+0x44/0x50
[<ffffffc00021d8f0>] __asan_load1+0x78/0x80
[<ffffffc000916b78>] i2c_device_match+0xc8/0xf0
[<ffffffc0006d9d54>] __driver_attach+0x3c/0xd0
[<ffffffc0006d6fac>] bus_for_each_dev+0xd4/0x138
[<ffffffc0006d932c>] driver_attach+0x2c/0x40
[<ffffffc0006d8dfc>] bus_add_driver+0x214/0x2e8
[<ffffffc0006dab40>] driver_register+0xb0/0x1c0
[<ffffffc000917fc0>] i2c_register_driver+0x48/0xc8
[<ffffffc001795344>] sensor_6d1_load+0x18/0x24
[<ffffffc000082ae4>] do_one_initcall+0xec/0x240
[<ffffffc001755e50>] kernel_init_freeable+0x288/0x330
[<ffffffc000eeab1c>] kernel_init+0xc/0xf0
Memory state around the buggy address:
ffffffc00120ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa fa
ffffffc00120ee00: fa fa fa fa 00 00 06 fa fa fa fa fa 00 00 00 00
>ffffffc00120ee80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
^
ffffffc00120ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc00120ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Diffstat (limited to 'drivers/media')
| -rw-r--r-- | drivers/media/platform/exynos/fimc-is/sensor/fimc-is-device-6d1.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/media/platform/exynos/fimc-is/sensor/fimc-is-device-6d1.c b/drivers/media/platform/exynos/fimc-is/sensor/fimc-is-device-6d1.c index 2de119caff41..60ac264ae832 100644 --- a/drivers/media/platform/exynos/fimc-is/sensor/fimc-is-device-6d1.c +++ b/drivers/media/platform/exynos/fimc-is/sensor/fimc-is-device-6d1.c @@ -780,6 +780,7 @@ static const struct of_device_id exynos_fimc_is_sensor_6d1_match[] = { static const struct i2c_device_id sensor_6d1_idt[] = { { SENSOR_NAME, 0 }, + {}, }; static struct i2c_driver sensor_6d1_driver = { |