| From b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 Mon Sep 17 00:00:00 2001 |
| From: Mark Brown <broonie@kernel.org> |
| Date: Sat, 19 Sep 2015 07:00:18 -0700 |
| Subject: regmap: debugfs: Ensure we don't underflow when printing access masks |
| |
| commit b763ec17ac762470eec5be8ebcc43e4f8b2c2b82 upstream. |
| |
| If a read is attempted which is smaller than the line length then we may |
| underflow the subtraction we're doing with the unsigned size_t type so |
| move some of the calculation to be additions on the right hand side |
| instead in order to avoid this. |
| |
| Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> |
| Signed-off-by: Mark Brown <broonie@kernel.org> |
| Signed-off-by: Zefan Li <lizefan@huawei.com> |
| --- |
| drivers/base/regmap/regmap-debugfs.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/base/regmap/regmap-debugfs.c |
| +++ b/drivers/base/regmap/regmap-debugfs.c |
| @@ -205,7 +205,7 @@ static ssize_t regmap_access_read_file(s |
| /* If we're in the region the user is trying to read */ |
| if (p >= *ppos) { |
| /* ...but not beyond it */ |
| - if (buf_pos >= count - 1 - tot_len) |
| + if (buf_pos + tot_len + 1 >= count) |
| break; |
| |
| /* Format the register */ |
