From: Sudeep Holla <sudeep.holla@arm.com>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Cristian Marussi <cristian.marussi@arm.com>,
linux-kernel@vger.kernel.org, linux-hwmon@vger.kernel.org,
jdelvare@suse.com, Sudeep Holla <sudeep.holla@arm.com>
Subject: Re: [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe()
Date: Wed, 15 Jul 2020 16:44:58 +0100 [thread overview]
Message-ID: <20200715154458.GB5402@bogus> (raw)
In-Reply-To: <8e2af192-97c3-bbc6-e9d7-3345b4331b65@roeck-us.net>
On Wed, Jul 15, 2020 at 07:55:52AM -0700, Guenter Roeck wrote:
> On 7/15/20 6:00 AM, Sudeep Holla wrote:
> > On Wed, Jul 15, 2020 at 01:13:38PM +0100, Cristian Marussi wrote:
> >> SMATCH detected a potential buffer overflow in the manipulation of
> >> hwmon_attributes array inside the scmi_hwmon_probe function:
> >>
> >> drivers/hwmon/scmi-hwmon.c:226
> >> scmi_hwmon_probe() error: buffer overflow 'hwmon_attributes' 6 <= 9
> >>
> >> Fix it by statically declaring the size of the array as the maximum
> >> possible as defined by hwmon_max define.
> >>
> >
> > Makes sense to me,
> >
> > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
> >
> > There may be other such instances. I am not sure if Guenter has ignored
> > them intentionally or just no one has fixed them so far.
>
> I am not perfect. No, I have not intentionally ignored anything,
> and I don't recall seeing smatch reports (or this patch) before.
>
Sorry, it was not complaint, it does sound so now when I read that again.
What I meant is, not everyone likes to fix all the warnings from various
tools and I was just asking if this falls into that category as the
overflow can't happen if we use the standard hwmon_max enums as indicies.
--
Regards,
Sudeep
next prev parent reply other threads:[~2020-07-15 15:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 12:13 [RESEND][PATCH] hwmon: scmi: fix potential buffer overflow in scmi_hwmon_probe() Cristian Marussi
2020-07-15 13:00 ` Sudeep Holla
2020-07-15 14:55 ` Guenter Roeck
2020-07-15 15:44 ` Sudeep Holla [this message]
2020-07-15 16:31 ` Cristian Marussi
2020-07-15 14:09 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715154458.GB5402@bogus \
--to=sudeep.holla@arm.com \
--cc=cristian.marussi@arm.com \
--cc=jdelvare@suse.com \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.