From: jacopo mondi <jacopo@jmondi.org>
To: Colin Ian King <colin.king@canonical.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH][media-next] media: i2c: mt9v111: fix off-by-one array bounds check
Date: Tue, 31 Jul 2018 14:01:53 +0000 [thread overview]
Message-ID: <20180731140153.GE370@w540> (raw)
In-Reply-To: <c2684aa2-71d7-b82e-df18-65ea3f026d97@canonical.com>
[-- Attachment #1: Type: text/plain, Size: 1180 bytes --]
Hi Colin,
On Tue, Jul 31, 2018 at 02:55:25PM +0100, Colin Ian King wrote:
> On 31/07/18 14:53, jacopo mondi wrote:
> > Hi Colin,
> > thanks for the patch.
> >
> > On Tue, Jul 31, 2018 at 02:33:43PM +0100, Colin King wrote:
> >> From: Colin Ian King <colin.king@canonical.com>
> >>
> >> The check of fse->index is off-by-one and should be using >= rather
> >> than > to check the maximum allowed array index. Fix this.
> >>
> >> Detected by CoverityScan, CID#172122 ("Out-of-bounds read")
> >>
> >> Fixes: aab7ed1c3927 ("media: i2c: Add driver for Aptina MT9V111")
> >> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> >
> > Acked-by: Jacopo Mondi <jacopo+renesas@jmondi.org>
> >
> > Thanks
> > j
> >
>
> Just to note, I also got a build warning on this driver, so that's
> something that should be fixed up too.
>
> drivers/media/i2c/mt9v111.c:887:15: warning: 'idx' may be used
> uninitialized in this function [-Wmaybe-uninitialized]
> unsigned int idx;
Yes, that's false positive but indeed gcc doesn't know about that.
A patch has already been sent and will hopefully be collected soon:
https://patchwork.linuxtv.org/patch/51259/
Thanks for noticing
j
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: jacopo mondi <jacopo@jmondi.org>
To: Colin Ian King <colin.king@canonical.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
linux-media@vger.kernel.org, kernel-janitors@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH][media-next] media: i2c: mt9v111: fix off-by-one array bounds check
Date: Tue, 31 Jul 2018 16:01:53 +0200 [thread overview]
Message-ID: <20180731140153.GE370@w540> (raw)
In-Reply-To: <c2684aa2-71d7-b82e-df18-65ea3f026d97@canonical.com>
[-- Attachment #1: Type: text/plain, Size: 1180 bytes --]
Hi Colin,
On Tue, Jul 31, 2018 at 02:55:25PM +0100, Colin Ian King wrote:
> On 31/07/18 14:53, jacopo mondi wrote:
> > Hi Colin,
> > thanks for the patch.
> >
> > On Tue, Jul 31, 2018 at 02:33:43PM +0100, Colin King wrote:
> >> From: Colin Ian King <colin.king@canonical.com>
> >>
> >> The check of fse->index is off-by-one and should be using >= rather
> >> than > to check the maximum allowed array index. Fix this.
> >>
> >> Detected by CoverityScan, CID#172122 ("Out-of-bounds read")
> >>
> >> Fixes: aab7ed1c3927 ("media: i2c: Add driver for Aptina MT9V111")
> >> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> >
> > Acked-by: Jacopo Mondi <jacopo+renesas@jmondi.org>
> >
> > Thanks
> > j
> >
>
> Just to note, I also got a build warning on this driver, so that's
> something that should be fixed up too.
>
> drivers/media/i2c/mt9v111.c:887:15: warning: 'idx' may be used
> uninitialized in this function [-Wmaybe-uninitialized]
> unsigned int idx;
Yes, that's false positive but indeed gcc doesn't know about that.
A patch has already been sent and will hopefully be collected soon:
https://patchwork.linuxtv.org/patch/51259/
Thanks for noticing
j
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2018-07-31 14:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-31 13:33 [PATCH][media-next] media: i2c: mt9v111: fix off-by-one array bounds check Colin King
2018-07-31 13:33 ` Colin King
2018-07-31 13:53 ` jacopo mondi
2018-07-31 13:53 ` jacopo mondi
2018-07-31 13:55 ` Colin Ian King
2018-07-31 13:55 ` Colin Ian King
2018-07-31 14:01 ` jacopo mondi [this message]
2018-07-31 14:01 ` jacopo mondi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180731140153.GE370@w540 \
--to=jacopo@jmondi.org \
--cc=colin.king@canonical.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.