From aafa64827f30a7d2aa2c2cc2a60906eabd0272b8 Mon Sep 17 00:00:00 2001 From: Mateusz Kulikowski Date: Mon, 4 Apr 2016 19:55:58 +0200 Subject: [PATCH] spmi: Fix sandbox spmi driver memory corruption There is off-by-one error in sandbox_emul_gpio that causes segfault of certain tests. EMUL_GPIO_REG_END is the address of last valid (emulated) register. This patch fixed this (by adding one more element to emulated register array). Signed-off-by: Mateusz Kulikowski Tested-by: Stephen Warren --- drivers/spmi/spmi-sandbox.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/spmi/spmi-sandbox.c b/drivers/spmi/spmi-sandbox.c index 2f0fea0..980aff2 100644 --- a/drivers/spmi/spmi-sandbox.c +++ b/drivers/spmi/spmi-sandbox.c @@ -35,7 +35,8 @@ struct sandbox_emul_fake_regs { }; struct sandbox_emul_gpio { - struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END]; /* Fake registers */ + /* Fake registers - need one more entry as REG_END is valid address. */ + struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END + 1]; }; struct sandbox_spmi_priv { -- 2.7.4