From: Andrzej Hajda <a.hajda@samsung.com>
Date: Mon, 20 Feb 2017 18:57:57 +0000 (+0100)
Subject: PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8cc311167c22f9365304b2b20225df2d881c8843;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop

Reading array at given index before checking if index is valid results in
illegal memory access.

The bug was detected using KASAN framework.

Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---

diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
index 91ec3232d630..dae61720b314 100644
--- a/drivers/base/power/opp/core.c
+++ b/drivers/base/power/opp/core.c
@@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
 	 * The caller needs to ensure that opp_table (and hence the regulator)
 	 * isn't freed, while we are executing this routine.
 	 */
-	for (i = 0; reg = regulators[i], i < count; i++) {
+	for (i = 0; i < count; i++) {
+		reg = regulators[i];
 		ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
 		if (ret > 0)
 			latency_ns += ret * 1000;