i2c: fix stack buffer overflow vulnerability in i2c md command
author Marek Vasut <marex@denx.de>
Fri, 26 Aug 2022 21:15:56 +0000 (23:15 +0200)
committer Tom Rini <trini@konsulko.com>
Wed, 31 Aug 2022 16:21:47 +0000 (12:21 -0400)
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>
cmd/i2c.c

index 9050b2b..e196a73 100644 (file)
--- a/cmd/i2c.c
+++ b/cmd/i2c.c
@@ -470,7 +470,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc,
        uint    chip;
        uint    addr, length;
        int alen;
-       int     j, nbytes, linebytes;
+       int j;
+       uint nbytes, linebytes;
        int ret;
 #if CONFIG_IS_ENABLED(DM_I2C)
        struct udevice *dev;
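
Review bot: The new `uint nbytes, linebytes;` declaration has no comment saying why these two must stay unsigned, and the commit message says this fix is being reinstated, so the change has already been lost once. A one-line comment at the declaration, noting that they are unsigned to match `uint addr, length;` and must not be allowed to go negative, would make the intent survive later cleanups. Separately, `j` remains `int`, so any place in `do_i2c_md` that compares `j` with `linebytes` (not visible in this hunk) now mixes signed and unsigned operands; either declare `j` as `uint` as well or confirm that `j` can never be negative there. Minor style point: the surrounding declarations align the variable names after the type (`uint    chip;`), while the two added lines use a single space.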