Hi Pratyush,
On Tue, 26 May 2020 at 06:06, Pratyush Yadav <p.ya...@ti.com> wrote:
>
> In regmap_raw_{read,write}_range(), offsets are checked to make sure
> they aren't out of range. But this check happens _after_ the address is
> mapped from physical memory. Input should be sanity-checked before using
> it. Mapping the address before validating it leaves the door open to
> passing an invalid address to map_physmem(). So check for out of range
> offsets _before_ mapping them.
>
> This fixes a segmentation fault in sandbox when -1 is used as an offset
> to regmap_{read,write}().
>
> Signed-off-by: Pratyush Yadav <p.ya...@ti.com>
> ---
> drivers/core/regmap.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
Reviewed-by: Simon Glass <s...@chromium.org>
Please add a sandbox test to catch this problem.
Regards,
Simon
