From d3815ea95c67e62a2c651e7b5b4e08e95a4cbb13 Mon Sep 17 00:00:00 2001 From: Thierry Escande Date: Mon, 27 Jan 2014 00:31:14 +0100 Subject: [PATCH] NFC: port100: Fix possible buffer overflow The arrays for protocols and rf techs must define a number of entries corresponding to their maximum possible index values. Reported-by: Dan Carpenter Signed-off-by: Thierry Escande Signed-off-by: Samuel Ortiz --- drivers/nfc/port100.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/nfc/port100.c b/drivers/nfc/port100.c index a8555f81cbba..24f5e023f2a5 100644 --- a/drivers/nfc/port100.c +++ b/drivers/nfc/port100.c @@ -139,6 +139,8 @@ static const struct port100_in_rf_setting in_rf_settings[] = { .in_recv_set_number = 15, .in_recv_comm_type = PORT100_COMM_TYPE_IN_106A, }, + /* Ensures the array has NFC_DIGITAL_RF_TECH_LAST elements */ + [NFC_DIGITAL_RF_TECH_LAST] = { 0 }, }; /** @@ -174,6 +176,9 @@ static const struct port100_tg_rf_setting tg_rf_settings[] = { .tg_set_number = 8, .tg_comm_type = PORT100_COMM_TYPE_TG_424F, }, + /* Ensures the array has NFC_DIGITAL_RF_TECH_LAST elements */ + [NFC_DIGITAL_RF_TECH_LAST] = { 0 }, + }; #define PORT100_IN_PROT_INITIAL_GUARD_TIME 0x00 @@ -330,6 +335,10 @@ in_protocols[][PORT100_IN_MAX_NUM_PROTOCOLS + 1] = { [NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED] = { { PORT100_IN_PROT_END, 0 }, }, + /* Ensures the array has NFC_DIGITAL_FRAMING_LAST elements */ + [NFC_DIGITAL_FRAMING_LAST] = { + { PORT100_IN_PROT_END, 0 }, + }, }; static struct port100_protocol @@ -371,6 +380,10 @@ tg_protocols[][PORT100_TG_MAX_NUM_PROTOCOLS + 1] = { { PORT100_TG_PROT_RF_OFF, 1 }, { PORT100_TG_PROT_END, 0 }, }, + /* Ensures the array has NFC_DIGITAL_FRAMING_LAST elements */ + [NFC_DIGITAL_FRAMING_LAST] = { + { PORT100_TG_PROT_END, 0 }, + }, }; struct port100 { -- 2.30.2