spmi: Fix sandbox spmi driver memory corruption
authorMateusz Kulikowski <mateusz.kulikowski@gmail.com>
Mon, 4 Apr 2016 17:55:58 +0000 (19:55 +0200)
committerTom Rini <trini@konsulko.com>
Tue, 12 Apr 2016 00:48:22 +0000 (20:48 -0400)
There is off-by-one error in sandbox_emul_gpio that causes
segfault of certain tests.

EMUL_GPIO_REG_END is the address of last valid (emulated) register.
This patch fixed this (by adding one more element to emulated register array).

Signed-off-by: Mateusz Kulikowski <mateusz.kulikowski@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
drivers/spmi/spmi-sandbox.c

index 2f0fea07e8012f30171ac9d22a7b243702a8672b..980aff2063a5308dc89647865caa7d0fd3dbbf4a 100644 (file)
@@ -35,7 +35,8 @@ struct sandbox_emul_fake_regs {
 };
 
 struct sandbox_emul_gpio {
-       struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END]; /* Fake registers */
+       /* Fake registers - need one more entry as REG_END is valid address. */
+       struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END + 1];
 };
 
 struct sandbox_spmi_priv {