From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, stable <stable@kernel.org>,
Dan Carpenter <dan.carpenter@linaro.org>,
Linus Walleij <linus.walleij@linaro.org>,
Lee Jones <lee@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 38/41] usb: fotg210-hcd: delete an incorrect bounds test
Date: Fri, 5 Jan 2024 15:39:18 +0100
Message-ID: <20240105143815.481376449@linuxfoundation.org>
In-Reply-To: <20240105143813.957669139@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 7fbcd195e2b8cc952e4aeaeb50867b798040314c ]
Here "temp" is the number of characters that we have written and "size"
is the size of the buffer. The intent was clearly to say that if we have
written to the end of the buffer then stop.
However, for that to work the comparison should have been done on the
original "size" value instead of the "size -= temp" value. Not only
will that not trigger when we want to, but there is a small chance that
it will trigger incorrectly before we want it to and we break from the
loop slightly earlier than intended.
This code was recently changed from using snprintf() to scnprintf(). With
snprintf() we likely would have continued looping and passed a negative
size parameter to snprintf(). This would have triggered an annoying
WARN(). Now that we have converted to scnprintf() "size" will never
drop below 1 and there is no real need for this test. We could change
the condition to "if (temp <= 1) goto done;" but just deleting the test
is cleanest.
Fixes: 7d50195f6c50 ("usb: host: Faraday fotg210-hcd driver")
Cc: stable <stable@kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/ZXmwIwHe35wGfgzu@suswa
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/fotg210-hcd.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/usb/host/fotg210-hcd.c b/drivers/usb/host/fotg210-hcd.c
index 1577424319613..d87b4fb0d9af6 100644
--- a/drivers/usb/host/fotg210-hcd.c
+++ b/drivers/usb/host/fotg210-hcd.c
@@ -426,8 +426,6 @@ static void qh_lines(struct fotg210_hcd *fotg210, struct fotg210_qh *qh,
temp = size;
size -= temp;
next += temp;
- if (temp == size)
- goto done;
}
temp = snprintf(next, size, "\n");
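Review bot: the unchanged context line right after the loop, `temp = snprintf(next, size, "\n");`, shows this 4.19 tree still calling snprintf(), while the changelog's claim that "size" will never drop below 1 rests on the scnprintf() conversion. With the `if (temp == size) goto done;` test removed, the loop keeps running once the buffer is full, so safety in this tree depends on the clamp visible at `temp = size;` being applied after every write in the loop. Suggest confirming that each snprintf() call in the loop is followed by that clamp here, and adding a backport note to the changelog that says the clamp, not scnprintf(), is what keeps "size" from going negative in 4.19.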
@@ -437,7 +435,6 @@ static void qh_lines(struct fotg210_hcd *fotg210, struct fotg210_qh *qh,
size -= temp;
next += temp;
-done:
*sizep = size;
*nextp = next;
}
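Review bot: with the `done:` label removed, `*sizep = size;` and `*nextp = next;` are now reached only by falling through the trailing newline write, including the case where the buffer was already full when the loop ended. The lines between that snprintf() call and `size -= temp;` are not part of this hunk, so please confirm they cap temp at size in this tree; otherwise size can go below zero and next can move past the end of the buffer before both are handed back to the caller.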
--
2.43.0