tools: gpio-hammer: Avoid potential overflow in main

[ Upstream commit d1ee7e1f5c9191afb69ce46cc7752e4257340a31 ]

If '-o' was used more than 64 times in a single invocation of gpio-hammer,
this could lead to an overflow of the 'lines' array. This commit fixes
this by avoiding the overflow and giving a proper diagnostic back to the
user

Signed-off-by: Gabriel Ravier <gabravier@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/tools/gpio/gpio-hammer.c b/tools/gpio/gpio-hammer.c
index 4bcb234c0fcab7dafa2f0716dee3b044b66b6fd7..3da5462a0c7d3bf10280841363664504dc895e14 100644 (file)
--- a/tools/gpio/gpio-hammer.c
+++ b/tools/gpio/gpio-hammer.c
@@ -138,7 +138,14 @@ int main(int argc, char **argv)
                        device_name = optarg;
                        break;
                case 'o':
-                       lines[i] = strtoul(optarg, NULL, 10);
+                       /*
+                        * Avoid overflow. Do not immediately error, we want to
+                        * be able to accurately report on the amount of times
+                        * '-o' was given to give an accurate error message
+                        */
+                       if (i < GPIOHANDLES_MAX)
+                               lines[i] = strtoul(optarg, NULL, 10);
+
                        i++;
                        break;
                case '?':
@@ -146,6 +153,14 @@ int main(int argc, char **argv)
                        return -1;
                }
        }
+
+       if (i >= GPIOHANDLES_MAX) {
+               fprintf(stderr,
+                       "Only %d occurences of '-o' are allowed, %d were found\n",
+                       GPIOHANDLES_MAX, i + 1);
+               return -1;
+       }
+
        nlines = i;
 
        if (!device_name || !nlines) {