From 3eba78d3c81700a548e123cd14c1f9258696a606 Mon Sep 17 00:00:00 2001
From: Masahiro Yamada <yamada.masahiro@socionext.com>
Date: Thu, 15 Jun 2017 09:32:12 +0900
Subject: [PATCH] uniphier: fix memory over-run bug

Check the array index before the write.  This issue was found by a
static analysis tool.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---
 plat/socionext/uniphier/uniphier_nand.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plat/socionext/uniphier/uniphier_nand.c b/plat/socionext/uniphier/uniphier_nand.c
index acf6a7405..88f906c24 100644
--- a/plat/socionext/uniphier/uniphier_nand.c
+++ b/plat/socionext/uniphier/uniphier_nand.c
@@ -106,8 +106,9 @@ static int uniphier_nand_block_isbad(struct uniphier_nand *nand, int block)
 
 	is_bad = bbm != 0xff;
 
-	/* save the result for future re-use */
-	nand->bbt[block] = is_bad;
+	/* if possible, save the result for future re-use */
+	if (block < ARRAY_SIZE(nand->bbt))
+	    nand->bbt[block] = is_bad;
 
 	if (is_bad)
 		WARN("found bad block at %d. skip.\n", block);
-- 
2.39.5