aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarek Vasut <marex@denx.de>2022-08-26 23:15:56 +0200
committerTom Rini <trini@konsulko.com>2022-08-31 12:21:47 -0400
commite4573fef7701afc2df22924ce0a445b923475afc (patch)
tree20d34ecf4bfa236f68695afac4fff5dc57384b67
parent1aa9a04ff687b8d55b0fb68ae2a688c8705665cc (diff)
downloadu-boot-e4573fef7701afc2df22924ce0a445b923475afc.zip
u-boot-e4573fef7701afc2df22924ce0a445b923475afc.tar.gz
u-boot-e4573fef7701afc2df22924ce0a445b923475afc.tar.bz2
i2c: fix stack buffer overflow vulnerability in i2c md command
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer overflow vulnerability in i2c md command") without the changes unrelated to the actual fix. Avoid the underflow by setting only nbytes and linebytes as unsigned integers. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Acked-by: Tim Harvey <tharvey@gateworks.com>
-rw-r--r--cmd/i2c.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/cmd/i2c.c b/cmd/i2c.c
index 9050b2b..e196a73 100644
--- a/cmd/i2c.c
+++ b/cmd/i2c.c
@@ -470,7 +470,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc,
uint chip;
uint addr, length;
int alen;
- int j, nbytes, linebytes;
+ int j;
+ uint nbytes, linebytes;
int ret;
#if CONFIG_IS_ENABLED(DM_I2C)
struct udevice *dev;