Add a bounds check on the number of base addresses to prevent out-of-bounds access to the priv->base array.
Signed-off-by: David Lechner <[email protected]> --- drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c index e991e03ea41..d152e216634 100644 --- a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c +++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c @@ -856,6 +856,9 @@ int mtk_pinctrl_common_probe(struct udevice *dev, if (!base_calc) nbase_names = 1; + if (nbase_names > MAX_BASE_CALC) + return -ENOSPC; + for (i = 0; i < nbase_names; i++) { if (soc->base_names) addr = dev_read_addr_name(dev, soc->base_names[i]); -- 2.43.0
