"i" gets incremented before we're entering loop body
and effectively we iterate from 1 to 8 instead of 0 to 7.
This way we:
a) Skip the first line of struct hs_versions
b) Go over it and access memory beyond the structure
Signed-off-by: Alexey Brodkin <abrod...@synopsys.com>
---
arch/arc/lib/cpu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arc/lib/cpu.c b/arch/arc/lib/cpu.c
index 07daaa8d15..01cca95d5b 100644
--- a/arch/arc/lib/cpu.c
+++ b/arch/arc/lib/cpu.c
@@ -87,7 +87,7 @@ const char *arc_em_version(int arcver, char *name, int
name_len)
bool xymem = ARC_FEATURE_EXISTS(ARC_AUX_XY_BUILD);
int i;
- for (i = 0; i++ < sizeof(em_versions) / sizeof(struct em_template_t);) {
+ for (i = 0; i < sizeof(em_versions) / sizeof(struct em_template_t);
i++) {
if (em_versions[i].cache == cache &&
em_versions[i].dsp == dsp &&
em_versions[i].xymem == xymem) {
@@ -147,7 +147,7 @@ const char *arc_hs_version(int arcver, char *name, int
name_len)
bool dual_issue = arcver == 0x54 ? true : false;
int i;
- for (i = 0; i++ < sizeof(hs_versions) / sizeof(struct hs_template_t);) {
+ for (i = 0; i < sizeof(hs_versions) / sizeof(struct hs_template_t);
i++) {
if (hs_versions[i].cache == cache &&
hs_versions[i].mmu == mmu &&
hs_versions[i].dual_issue == dual_issue &&
--
2.16.2
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
