On Mon, Dec 09, 2024 at 09:24:59PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@quicinc.com>
>
> Fix wrong @len value by 'len--' after 'imap++' in of_irq_parse_imap_parent().
>
> Fixes: 935df1bd40d4 ("of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
>
>  drivers/of/irq.c | 1 +
>  1 file changed, 1 insertion(+)
Applied, but rewrote the commit message:
of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
On a malformed interrupt-map property which is shorter than expected by 1 cell, we may read bogus data past the end of the property instead of returning an error in of_irq_parse_imap_parent().
Decrement the remaining length when skipping over the interrupt parent phandle cell.
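
The length accounting described in the rewritten commit message, as an added example that is not part of this thread and is not the kernel's code: a simplified user-space model in which the skipped phandle cell either is or is not subtracted from the remaining length. The names `parse_parent`, `count_phandle` and `reads_past_end`, the cell counts (2 address cells, 3 specifier cells) and the sentinel value are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16
#define SENTINEL 0xDEADBEEFu /* constructed: memory just past the property */

struct parsed { int ok; int nargs; uint32_t args[MAX_ARGS]; };

/*
 * Hypothetical model of the parent part of one interrupt-map entry:
 *   <phandle> <addrsize address cells> <intsize specifier cells>
 * len is the number of cells left in the property at imap. count_phandle
 * selects whether the skipped phandle cell is subtracted from len.
 */
static struct parsed parse_parent(const uint32_t *imap, int len,
                                  int addrsize, int intsize, int count_phandle)
{
    struct parsed p = { 0 };

    imap++;                 /* skip the interrupt parent phandle cell */
    if (count_phandle)
        len--;              /* remaining length shrinks with it */
    if (addrsize + intsize > MAX_ARGS || len < addrsize + intsize)
        return p;           /* malformed: too few cells left */
    imap += addrsize;       /* skip the parent unit address */
    memcpy(p.args, imap, (size_t)intsize * sizeof(*imap));
    p.nargs = intsize;
    p.ok = 1;
    return p;
}

/* Constructed input: the parent part needs 1 + 2 + 3 = 6 cells, but the
 * property ends after 5; cell 6 stands in for unrelated memory. */
static const uint32_t cells[6] = { 1, 0, 0, 0x10, 0x20, SENTINEL };

/* Returns 1 if the parse succeeded and picked up the cell past the end. */
int reads_past_end(int count_phandle)
{
    struct parsed p = parse_parent(cells, 5, 2, 3, count_phandle);
    return p.ok && p.args[p.nargs - 1] == SENTINEL;
}

int main(void)
{
    printf("len not decremented: past-end read = %d\n", reads_past_end(0));
    printf("len decremented:     past-end read = %d\n", reads_past_end(1));
    return 0;
}
```

With the length left untouched, the 5-cell property passes the `len < addrsize + intsize` check and the last specifier cell comes from beyond the property; with the decrement, the same input is rejected as malformed.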