media: cxd2880-spi: avoid out-of-bounds access warning
authorArnd Bergmann <arnd@arndb.de>
Tue, 13 Mar 2018 12:09:11 +0000 (08:09 -0400)
committerMauro Carvalho Chehab <mchehab+samsung@kernel.org>
Fri, 4 May 2018 15:27:00 +0000 (11:27 -0400)
commit53dcd70eb710607b2d4085ca91a433cd9feb7b41
tree7937ea0bb38189d30c09554900d9a23f3102709a
parent89eaaf2d19a6cfff0a16014405c2a65b5257b8a1
media: cxd2880-spi: avoid out-of-bounds access warning

The -Warray-bounds warning in gcc-8 triggers for a newly added file:

drivers/media/spi/cxd2880-spi.c: In function 'cxd2880_write_reg':
drivers/media/spi/cxd2880-spi.c:111:3: error: 'memcpy' forming offset [133, 258] is out of the bounds [0, 132] of object 'send_data' with type 'u8[132]' {aka 'unsigned char[132]'} [-Werror=array-bounds]

The problem appears to be that we have two range checks in this function,
first comparing against BURST_WRITE_MAX (128) and then comparing against
a literal '255'. The logic checking the buffer size looks at the second
one and decides that this might be the actual maximum data length.

This is understandable behavior from the compiler, but the code is actually
safe. Since the first check is already shorter, we can remove the loop
and only leave that. To be on the safe side in case BURST_WRITE_MAX might
be increased, I'm leaving the check against U8_MAX.

Fixes: bd24fcddf6b8 ("media: cxd2880-spi: Add support for CXD2880 SPI interface")
Cc: Martin Sebor <msebor@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Yasunari Takiguchi <Yasunari.Takiguchi@sony.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
drivers/media/spi/cxd2880-spi.c