[Skiboot] [PATCH v8 28/28] i2c: fix wild dereference

Nicholas Piggin npiggin at gmail.com
Thu Nov 28 17:24:42 AEDT 2019


The contents of the buffer is not initialized in the case of a read,
and not even necessarily at least 8 bytes long. It seems like the
address is what's wanted.

Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
---
 core/i2c.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/i2c.c b/core/i2c.c
index 6bae83b42..89231e5f9 100644
--- a/core/i2c.c
+++ b/core/i2c.c
@@ -173,10 +173,10 @@ int64_t i2c_request_sync(struct i2c_request *req)
 		req->req_state = i2c_req_new;
 	}
 
-	prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%016llx buflen=%d "
+	prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%p buflen=%d "
 	      "delay=%lu/%lld rc=%lld\n",
 	      (rc) ? "!!!!" : "----", req->op, req->offset,
-	      *(uint64_t*) req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
+	      req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
 
 	return rc;
 }
-- 
2.23.0



More information about the Skiboot mailing list