diff options
author | Marek Vasut <marex@denx.de> | 2022-08-26 23:15:56 +0200 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-08-31 12:21:47 -0400 |
commit | e4573fef7701afc2df22924ce0a445b923475afc (patch) | |
tree | 20d34ecf4bfa236f68695afac4fff5dc57384b67 /cmd/i2c.c | |
parent | 1aa9a04ff687b8d55b0fb68ae2a688c8705665cc (diff) | |
download | u-boot-e4573fef7701afc2df22924ce0a445b923475afc.tar.gz u-boot-e4573fef7701afc2df22924ce0a445b923475afc.tar.bz2 u-boot-e4573fef7701afc2df22924ce0a445b923475afc.zip |
i2c: fix stack buffer overflow vulnerability in i2c md command
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Diffstat (limited to 'cmd/i2c.c')
-rw-r--r-- | cmd/i2c.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -470,7 +470,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc, uint chip; uint addr, length; int alen; - int j, nbytes, linebytes; + int j; + uint nbytes, linebytes; int ret; #if CONFIG_IS_ENABLED(DM_I2C) struct udevice *dev; |