chip/host/gpio.c: Fix out of bounds access

Check if signal is within bounds before accessing gpio_irq_handlers[signal]. BRANCH=none BUG=chromium:854924 TEST=make TEST_ASAN=y runtests -j Change-Id: Ia1ff9b34943ff596d27b2c746937f31623f58f96 Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1109615 Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
author: Nicolas Boichat <drinkcat@chromium.org> 2018-06-21 06:19:31 +0800
committer: chrome-bot <chrome-bot@chromium.org> 2018-06-21 08:14:25 -0700
commit: 161501e092f9509aba66a1bd0217ef6661314dfe (patch)
tree: ede3ad7b6226fdfa39c85b8b19f11f1ada8ab700
parent: 5d34998aeb78534ae7659778788cf6d2aec3d742 (diff)
download: chrome-ec-161501e092f9509aba66a1bd0217ef6661314dfe.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/chip/host/gpio.c b/chip/host/gpio.c
index 60ef32d22a..5458d15853 100644
--- a/chip/host/gpio.c
+++ b/chip/host/gpio.c
@@ -43,13 +43,15 @@ test_mockable void gpio_set_level(enum gpio_signal signal, int value)
 	const struct gpio_info *g = gpio_list + signal;
 	const uint32_t flags = g->flags;
 	const int old_value = gpio_values[signal];
-	void (*ih)(enum gpio_signal signal) = gpio_irq_handlers[signal];
+	void (*ih)(enum gpio_signal signal);
 
 	gpio_values[signal] = value;
 
 	if (signal >= GPIO_IH_COUNT || !gpio_interrupt_enabled[signal])
 		return;
 
+	ih = gpio_irq_handlers[signal];
+
 	if (gpio_interrupt_check(flags, old_value, value))
 		ih(signal);
 }
author	Nicolas Boichat <drinkcat@chromium.org>	2018-06-21 06:19:31 +0800
committer	chrome-bot <chrome-bot@chromium.org>	2018-06-21 08:14:25 -0700
commit	161501e092f9509aba66a1bd0217ef6661314dfe (patch)
tree	ede3ad7b6226fdfa39c85b8b19f11f1ada8ab700
parent	5d34998aeb78534ae7659778788cf6d2aec3d742 (diff)
download	chrome-ec-161501e092f9509aba66a1bd0217ef6661314dfe.tar.gz