Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / f683cdd227cf225c3d184adcf571c190b88e6e58^! / .
commitf683cdd227cf225c3d184adcf571c190b88e6e58[log] [tgz]
authorMarek Vasut <marex@denx.de>Fri Aug 26 23:15:56 2022 +0200
committerTom Rini <trini@konsulko.com>Wed Aug 31 12:21:47 2022 -0400
tree20d34ecf4bfa236f68695afac4fff5dc57384b67
parent8f3caeab220eaf01ca5fc9a245668f95f775ff70 [diff]
i2c: fix stack buffer overflow vulnerability in i2c md command

This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>

diff --git a/cmd/i2c.c b/cmd/i2c.c
index 9050b2b..e196a73 100644
--- a/cmd/i2c.c
+++ b/cmd/i2c.c

@@ -470,7 +470,8 @@
 	uint	chip;
 	uint	addr, length;
 	int alen;
-	int	j, nbytes, linebytes;
+	int j;
+	uint nbytes, linebytes;
 	int ret;
 #if CONFIG_IS_ENABLED(DM_I2C)
 	struct udevice *dev;