Commit cae025aa authored by Robert Baldyga's avatar Robert Baldyga Committed by Simon Glass

dm: avoid dev->req_seq overflow

Since dev->req_seq value is initialized from "reg" property of fdt node,
there is posibility, that address value contained in fdt is greater than
INT_MAX, and then value in dev->req_seq is negative which led to probe()
fail.

This patch fix this problem by ensuring that req_seq is positive, unless
it's one of errno codes.
Signed-off-by: default avatarRobert Baldyga <r.baldyga@samsung.com>
Acked-by: default avatarSimon Glass <sjg@chromium.org>
parent 59990bf0
......@@ -109,6 +109,8 @@ int device_bind(struct udevice *parent, struct driver *drv, const char *name,
dev->seq = -1;
#ifdef CONFIG_OF_CONTROL
dev->req_seq = fdtdec_get_int(gd->fdt_blob, of_offset, "reg", -1);
if (!IS_ERR_VALUE(dev->req_seq))
dev->req_seq &= INT_MAX;
if (uc->uc_drv->name && of_offset != -1) {
fdtdec_get_alias_seq(gd->fdt_blob, uc->uc_drv->name, of_offset,
&dev->req_seq);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment