regulator: rt5759: fix OOB in validate_desc()

I got the following OOB report:

 BUG: KASAN: slab-out-of-bounds in validate_desc+0xba/0x109
 Read of size 8 at addr ffff888107db8ff0 by task python3/253
 Call Trace:
  <TASK>
  dump_stack_lvl+0x67/0x83
  print_report+0x178/0x4b0
  kasan_report+0x90/0x190
  validate_desc+0xba/0x109
  gpiod_set_value_cansleep+0x40/0x5a
  regulator_ena_gpio_ctrl+0x93/0xfc
  _regulator_do_enable.cold.61+0x89/0x163
  set_machine_constraints+0x140a/0x159c
  regulator_register.cold.73+0x762/0x10cd
  devm_regulator_register+0x57/0xb0
  rt5759_probe+0x3a0/0x4ac [rt5759_regulator]

The desc used in validate_desc() is passed from 'reg_cfg.ena_gpiod',
which is not initialized. Fix this by initializing 'reg_cfg' to 0.

Fixes: 7b36ddb208 ("regulator: rt5759: Add support for Richtek RT5759 DCDC converter")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221116092943.1668326-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
This commit is contained in:
Yang Yingliang 2022-11-16 17:29:43 +08:00 committed by Mark Brown
parent 5f4b204b6b
commit 7920e0fbce
No known key found for this signature in database
GPG Key ID: 24D68B725D5487D0

View File

@ -243,6 +243,7 @@ static int rt5759_regulator_register(struct rt5759_priv *priv)
if (priv->chip_type == CHIP_TYPE_RT5759A)
reg_desc->uV_step = RT5759A_STEP_UV;
memset(&reg_cfg, 0, sizeof(reg_cfg));
reg_cfg.dev = priv->dev;
reg_cfg.of_node = np;
reg_cfg.init_data = of_get_regulator_init_data(priv->dev, np, reg_desc);