PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop

Reading array at given index before checking if index is valid results in illegal memory access. The bug was detected using KASAN framework. Signed-off-by: N Andrzej Hajda <a.hajda@samsung.com> Acked-by: N Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: N Rafael J. Wysocki <rafael.j.wysocki@intel.com>

PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop
Reading array at given index before checking if index is valid results in illegal memory access. The bug was detected using KASAN framework. Signed-off-by: N Andrzej Hajda <a.hajda@samsung.com> Acked-by: N Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: N Rafael J. Wysocki <rafael.j.wysocki@intel.com>
8cc31116 · Andrzej Hajda · Rafael J. Wysocki · 0764c604 · 8cc31116
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

drivers/base/power/opp/core.c drivers/base/power/opp/core.c +2 -1

未找到文件。
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
 	 * The caller needs to ensure that opp_table (and hence the regulator)
 	 * isn't freed, while we are executing this routine.
 	 */
-	for (i = 0; reg = regulators[i], i < count; i++) {
+	for (i = 0; i < count; i++) {
+		reg = regulators[i];
 		ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
 		if (ret > 0)
 			latency_ns += ret * 1000;