clk: sunxi: Prevent out-of-bounds gate array access

Because the gate arrays are not given explicit sizes, the arrays are
only as large as the highest-numbered gate described in the driver.
However, only a subset of the CCU clocks are needed by U-Boot. So there
are valid clock specifiers with indexes greater than the size of the
arrays. Referencing any of these clocks causes out-of-bounds access.
Fix this by checking the identifier against the size of the array.

Fixes: 0d47bc705651 ("clk: Add Allwinner A64 CLK driver")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

diff --git a/drivers/clk/sunxi/clk_sunxi.c b/drivers/clk/sunxi/clk_sunxi.c
index 9a21367a5d06483f6918748443a8bf4a7aa2d80c..62e77386be7acc828fc8485f09fec679392c79d3 100644 (file)
--- a/drivers/clk/sunxi/clk_sunxi.c
+++ b/drivers/clk/sunxi/clk_sunxi.c
@@ -18,6 +18,9 @@
 static const struct ccu_clk_gate *priv_to_gate(struct ccu_priv *priv,
                                               unsigned long id)
 {
+       if (id >= priv->desc->num_gates)
+               return NULL;
+
        return &priv->desc->gates[id];
 }
 
@@ -27,10 +30,10 @@ static int sunxi_set_gate(struct clk *clk, bool on)
        const struct ccu_clk_gate *gate = priv_to_gate(priv, clk->id);
        u32 reg;
 
-       if ((gate->flags & CCU_CLK_F_DUMMY_GATE))
+       if (gate && (gate->flags & CCU_CLK_F_DUMMY_GATE))
                return 0;
 
-       if (!(gate->flags & CCU_CLK_F_IS_VALID)) {
+       if (!gate || !(gate->flags & CCU_CLK_F_IS_VALID)) {
                printf("%s: (CLK#%ld) unhandled\n", __func__, clk->id);
                return 0;
        }