On Thu, Sep 2, 2021 at 2:44 PM Cosmin-Florin Aluchenesei aluchenesei.cosmin-florin@nxp.com wrote:

Changed declarations of line_temp, reg_addr and reg_data arrays in order to avoid out-of-bounds write which may be caused by the following writing: line_temp[column_cnt] = '\0'; (Increased size from 80 to 81).

Signed-off-by: Cosmin-Florin Aluchenesei aluchenesei.cosmin-florin@nxp.com

drivers/net/phy/in112525.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/phy/in112525.c b/drivers/net/phy/in112525.c index 2ce1ab1195..e286fa8f14 100644 --- a/drivers/net/phy/in112525.c +++ b/drivers/net/phy/in112525.c @@ -224,9 +224,9 @@ struct phy_device *inphi_phydev;

int in112525_upload_firmware(struct phy_device *phydev) {

•   char line_temp[0x50] = {0};
  

•   char reg_addr[0x50] = {0};
  

•   char reg_data[0x50] = {0};
  

•   char line_temp[0x51] = {0};
  

•   char reg_addr[0x51] = {0};
  

•   char reg_data[0x51] = {0};
    int i, line_cnt = 0, column_cnt = 0;
    struct in112525_reg_config fw_temp;
    char *addr = NULL;
  

-- 2.21.0

We don't have such a driver in U-boot upstream master, which tree are you using ?