From: Guenter Roeck <linux@roeck-us.net>
To: Cristian Marussi <cristian.marussi@arm.com>
Cc: linux-kernel@vger.kernel.org, linux-hwmon@vger.kernel.org,
jdelvare@suse.com, sudeep.holla@arm.com
Subject: Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
Date: Wed, 15 Jul 2020 07:09:22 -0700 [thread overview]
Message-ID: <20200715140922.GA46932@roeck-us.net> (raw)
In-Reply-To: <20200715121338.GA18761@e119603-lin.cambridge.arm.com>
On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> SMATCH detected a potential buffer overflow in the manipulation of
> hwmon_attributes array inside the scmi_hwmon_probe function:
>
> drivers/hwmon/scmi-hwmon.c:226
> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
>
> Fix it by statically declaring the size of the array as the maximum
> possible as defined by hwmon_max define.
>
> Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
> Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Applied.
Thanks,
Guenter
> ---
> drivers/hwmon/scmi-hwmon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hwmon/scmi-hwmon.c b/drivers/hwmon/scmi-hwmon.c
> index 281454c5c5b1..758f66fc9afe 100644
> --- a/drivers/hwmon/scmi-hwmon.c
> +++ b/drivers/hwmon/scmi-hwmon.c
> @@ -149,7 +149,7 @@ static enum hwmon_sensor_types scmi_types[] = {
> [ENERGY] = hwmon_energy,
> };
>
> -static u32 hwmon_attributes[] = {
> +static u32 hwmon_attributes[hwmon_max] = {
> [hwmon_chip] = HWMON_C_REGISTER_TZ,
> [hwmon_temp] = HWMON_T_INPUT | HWMON_T_LABEL,
> [hwmon_in] = HWMON_I_INPUT | HWMON_I_LABEL,
prev parent reply other threads:[~2020-07-15 14:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:55 ` Guenter Roeck
2020-07-15 15:44 ` Sudeep Holla
2020-07-15 16:31 ` Cristian Marussi
2020-07-15 14:09 ` Guenter Roeck [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715140922.GA46932@roeck-us.net \
--to=linux@roeck-us.net \
--cc=cristian.marussi@arm.com \
--cc=jdelvare@suse.com \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.