uniphier: fix memory over-run bug

Check the array index before the write.  This issue was found by a
static analysis tool.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

diff --git a/plat/socionext/uniphier/uniphier_nand.c b/plat/socionext/uniphier/uniphier_nand.c
index acf6a740512da4d777189ba6fa7974901ca877e0..88f906c2491536d6a018d9b240bf3ac8af702242 100644 (file)
--- a/plat/socionext/uniphier/uniphier_nand.c
+++ b/plat/socionext/uniphier/uniphier_nand.c
@@ -106,8 +106,9 @@ static int uniphier_nand_block_isbad(struct uniphier_nand *nand, int block)
 
        is_bad = bbm != 0xff;
 
-       /* save the result for future re-use */
-       nand->bbt[block] = is_bad;
+       /* if possible, save the result for future re-use */
+       if (block < ARRAY_SIZE(nand->bbt))
+           nand->bbt[block] = is_bad;
 
        if (is_bad)
                WARN("found bad block at %d. skip.\n", block);