summaryrefslogtreecommitdiff
path: root/drivers/rtc/rtc-bq32k.c
diff options
context:
space:
mode:
authorGustavo A. R. Silva <garsilva@embeddedor.com>2018-03-07 20:27:56 -0600
committerAlexandre Belloni <alexandre.belloni@bootlin.com>2018-03-17 14:20:56 +0100
commitfed9b18611f75110d5b26d650819665d528038da (patch)
treebca711325de4c186d2e3d42320211fc758b828e8 /drivers/rtc/rtc-bq32k.c
parent83bbc5ac63326433755592829caf02920b3d8dc0 (diff)
rtc: remove VLA usage
In preparation to enabling -Wvla, remove VLA and replace it with a fixed-length array instead. >From a security viewpoint, the use of Variable Length Arrays can be a vector for stack overflow attacks. Also, in general, as the code evolves it is easy to lose track of how big a VLA can get. Thus, we can end up having segfaults that are hard to debug. Also, fixed as part of the directive to remove all VLAs from the kernel: https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'drivers/rtc/rtc-bq32k.c')
-rw-r--r--drivers/rtc/rtc-bq32k.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/rtc/rtc-bq32k.c b/drivers/rtc/rtc-bq32k.c
index e8698e9870fe..ef52741000a8 100644
--- a/drivers/rtc/rtc-bq32k.c
+++ b/drivers/rtc/rtc-bq32k.c
@@ -36,6 +36,10 @@
#define BQ32K_CFG2 0x09 /* Trickle charger control */
#define BQ32K_TCFE BIT(6) /* Trickle charge FET bypass */
+#define MAX_LEN 10 /* Maximum number of consecutive
+ * register for this particular RTC.
+ */
+
struct bq32k_regs {
uint8_t seconds;
uint8_t minutes;
@@ -74,7 +78,7 @@ static int bq32k_read(struct device *dev, void *data, uint8_t off, uint8_t len)
static int bq32k_write(struct device *dev, void *data, uint8_t off, uint8_t len)
{
struct i2c_client *client = to_i2c_client(dev);
- uint8_t buffer[len + 1];
+ uint8_t buffer[MAX_LEN + 1];
buffer[0] = off;
memcpy(&buffer[1], data, len);