i2c: stub: Avoid an array overrun on I2C block transfers
I2C block transfers can have a size up to 32 bytes. If starting close to the end of the address space, there may not be enough room to write that many bytes (on I2C block writes) or not enough bytes to be read (on I2C block reads.) In that case, we must shorten the transfer so that it does not exceed the address space. Signed-off-by: Jean Delvare <jdelvare@suse.de> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
This commit is contained in:
parent
b299de8391
commit
0f6ba0d15f
|
@ -226,6 +226,8 @@ static s32 stub_xfer(struct i2c_adapter *adap, u16 addr, unsigned short flags,
|
||||||
* We ignore banks here, because banked chips don't use I2C
|
* We ignore banks here, because banked chips don't use I2C
|
||||||
* block transfers
|
* block transfers
|
||||||
*/
|
*/
|
||||||
|
if (data->block[0] > 256 - command) /* Avoid overrun */
|
||||||
|
data->block[0] = 256 - command;
|
||||||
len = data->block[0];
|
len = data->block[0];
|
||||||
if (read_write == I2C_SMBUS_WRITE) {
|
if (read_write == I2C_SMBUS_WRITE) {
|
||||||
for (i = 0; i < len; i++) {
|
for (i = 0; i < len; i++) {
|
||||||
|
|
Loading…
Reference in New Issue