Add test on the size of ofnode_phandle_args result to avoid access
to uninitialized elements in args[] field.
This patch avoids the issue when gpio-ranges cell size is not 3 as
expected, for example:
gpio-ranges = <&pinctrl 0>;
instead of
gpio-ranges = <&pinctrl 0 112 16>;
Signed-off-by: Patrick Delaunay <patrick.delau...@st.com>
---
drivers/gpio/stm32_gpio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpio/stm32_gpio.c b/drivers/gpio/stm32_gpio.c
index aa70b1d2a9..473e364796 100644
--- a/drivers/gpio/stm32_gpio.c
+++ b/drivers/gpio/stm32_gpio.c
@@ -295,6 +295,9 @@ static int gpio_stm32_probe(struct udevice *dev)
ret = dev_read_phandle_with_args(dev, "gpio-ranges",
NULL, 3, i, &args);
+ if (!ret && args.args_count < 3)
+ return -EINVAL;
+
if (ret == -ENOENT) {
uc_priv->gpio_count = STM32_GPIOS_PER_BANK;
priv->gpio_range = GENMASK(STM32_GPIOS_PER_BANK - 1, 0);
@@ -308,6 +311,8 @@ static int gpio_stm32_probe(struct udevice *dev)
ret = dev_read_phandle_with_args(dev, "gpio-ranges", NULL, 3,
++i, &args);
+ if (!ret && args.args_count < 3)
+ return -EINVAL;
}
dev_dbg(dev, "addr = 0x%p bank_name = %s gpio_count = %d gpio_range =
0x%x\n",
--
2.17.1
