[PATCH linux dev-5.3 2/3] fsi: aspeed: Fix buffer overrun for small writes
Andrew Jeffery
andrew at aj.id.au
Wed Oct 30 23:37:06 AEDT 2019
One and two byte writes read data beyond the end of the provided
buffer.
Signed-off-by: Andrew Jeffery <andrew at aj.id.au>
---
drivers/fsi/fsi-master-aspeed.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/drivers/fsi/fsi-master-aspeed.c b/drivers/fsi/fsi-master-aspeed.c
index cb8064cc59c0..6767cd89de36 100644
--- a/drivers/fsi/fsi-master-aspeed.c
+++ b/drivers/fsi/fsi-master-aspeed.c
@@ -331,7 +331,23 @@ static int aspeed_master_write(struct fsi_master *master, int link,
return -EINVAL;
addr += link * FSI_HUB_LINK_SIZE;
- ret = opb_write(aspeed, fsi_base + addr, *(uint32_t *)val, size);
+
+ switch (size) {
+ case 1:
+ ret = opb_write(aspeed, fsi_base + addr, *(uint8_t *)val,
+ size);
+ break;
+ case 2:
+ ret = opb_write(aspeed, fsi_base + addr, *(uint16_t *)val,
+ size);
+ break;
+ case 4:
+ ret = opb_write(aspeed, fsi_base + addr, *(uint32_t *)val,
+ size);
+ break;
+ default:
+ return -EINVAL;
+ }
ret = check_errors(aspeed, ret);
if (ret)
--
2.20.1
More information about the openbmc
mailing list