dm: avoid dev->req_seq overflow

Since dev->req_seq value is initialized from "reg" property of fdt node, there is posibility, that address value contained in fdt is greater than INT_MAX, and then value in dev->req_seq is negative which led to probe() fail. This patch fix this problem by ensuring that req_seq is positive, unless it's one of errno codes. Signed-off-by: Robert Baldyga <[email protected]> Acked-by: Simon Glass <[email protected]>
hardkernel · Sep 23, 2014 · cae025a · cae025a
1 parent 59990bf
commit cae025a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/drivers/core/device.c b/drivers/core/device.c
@@ -109,6 +109,8 @@ int device_bind(struct udevice *parent, struct driver *drv, const char *name,
 	dev->seq = -1;
 #ifdef CONFIG_OF_CONTROL
 	dev->req_seq = fdtdec_get_int(gd->fdt_blob, of_offset, "reg", -1);
+	if (!IS_ERR_VALUE(dev->req_seq))
+		dev->req_seq &= INT_MAX;
 	if (uc->uc_drv->name && of_offset != -1) {
 		fdtdec_get_alias_seq(gd->fdt_blob, uc->uc_drv->name, of_offset,
 				     &dev->req_seq);