Skip to content

Commit 611fff6

Browse files
committed
u-boot: v2026.04: helios64: bounds-check variant in show_otp_data
show_otp_data() directly indexed var_str[otp.variant] without validation. If the OTP blob is corrupted (e.g. variant byte out of 0..BOARD_VARIANT_MAX-1 range), this read is out of bounds. Mirror the check already used in get_variant(): fall back to var_str[0] ("Invalid variant") when otp.variant is out of range. This is debug-only (wrapped in #ifdef DEBUG) and never reached in production builds, but keeps behavior consistent with get_variant() and avoids a latent OOB read if DEBUG is enabled. Addresses a CodeRabbit review comment on PR armbian#9675.
1 parent 84e215d commit 611fff6

1 file changed

Lines changed: 3 additions & 1 deletion

File tree

  • patch/u-boot/v2026.04/board_helios64/board

patch/u-boot/v2026.04/board_helios64/board/sys_otp.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,9 @@ static void show_otp_data(void)
114114
return;
115115

116116
printf("Part Number: %s\n", otp.part_num);
117-
printf("Variant: %s\n", var_str[otp.variant]);
117+
printf("Variant: %s\n",
118+
(otp.variant < BOARD_VARIANT_MAX) ? var_str[otp.variant]
119+
: var_str[BOARD_VARIANT_INVALID]);
118120
printf("Revision: %x.%x\n", (otp.revision & 0xf0) >> 4, otp.revision & 0x0f);
119121
printf("Serial Number: %012llx\n", otp_serial());
120122
printf("Manufacturing Date: %02X-%02X-%04X (DD-MM-YYYY)\n", otp.mfg_day,

0 commit comments

Comments
 (0)