On 05/08/2025 04:44, Peng Fan wrote:
On Tue, Jul 29, 2025 at 12:18:39PM +0100, Andrew Goodbody wrote:
Smatch reports the following error.
drivers/misc/imx_ele/fuse.c:218 fuse_sense() error: buffer overflow 'data' 4
<= 7
Looking at the code I can see that at line 198, word is checked to be less
than 8. Later at line 203 data is declared as a 4 element array. Then at line
218 word is used to index into data which means a possible out of bounds
access if word >=4.
There seems little point in increasing the array size of data as
ele_read_common_fuse will only ever read into the first 4 elements of the
array.
So I am not sure what the correct fix is here. Is there any guarantee that
word will be < 4 in the case of word_index == 1? Or should this be an
additional check?
In ele_api_mapping_table, OTP_UNIQ_ID is already limited to 4 as max,
so no issue.
Ah, that's good. Thanks for checking and explaining.
Andrew
Thanks,
Peng
Thanks,
Andrew
