review.tizen.org Git - platform/adaptation/renesas_rcar/renesas

author	Grant Likely <grant.likely@linaro.org>
	Mon, 3 Nov 2014 15:15:35 +0000 (15:15 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 14 Nov 2014 17:00:13 +0000 (09:00 -0800)
commit	09b6f88e365a536cc0fc38527e70ff268c2d7853
tree	e62c87c3562c7b7e697513776eb6e184f1ba7a30	tree \| snapshot
parent	09a30e597c09827316a38aecc46c486df5819f68	commit \| diff

of: Fix overflow bug in string property parsing functions

commit a87fa1d81a9fb5e9adca9820e16008c40ad09f33 upstream.

The string property read helpers will run off the end of the buffer if
it is handed a malformed string property. Rework the parsers to make
sure that doesn't happen. At the same time add new test cases to make
sure the functions behave themselves.

The original implementations of of_property_read_string_index() and
of_property_count_strings() both open-coded the same block of parsing
code, each with it's own subtly different bugs. The fix here merges
functions into a single helper and makes the original functions static
inline wrappers around the helper.

One non-bugfix aspect of this patch is the addition of a new wrapper,
of_property_read_string_array(). The new wrapper is needed by the
device_properties feature that Rafael is working on and planning to
merge for v3.19. The implementation is identical both with and without
the new static inline wrapper, so it just got left in to reduce the
churn on the header file.

Signed-off-by: Grant Likely <grant.likely@linaro.org>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Darren Hart <darren.hart@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/of/base.c		diff \| blob \| history
drivers/of/selftest.c		diff \| blob \| history
drivers/of/testcase-data/tests-phandle.dtsi		diff \| blob \| history
include/linux/of.h		diff \| blob \| history