From: Sven Eckelmann <sven@narfation.org>
To: chris.packham@alliedtelesis.co.nz, Alex Guo <alexguo1023@gmail.com>
Cc: alexguo1023@gmail.com, andi.shyti@kernel.org,
	linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer
Date: Mon, 04 Aug 2025 10:18:53 +0200
Message-ID: <4670491.LvFx2qVVIh@ripper>
In-Reply-To: <20250615235248.529019-1-alexguo1023@gmail.com>


On Monday, 16 June 2025 01:52:48 CEST Alex Guo wrote:
> The data->block[0] variable comes from the user. Without a proper check,
> the variable may be very large and cause an out-of-bounds bug.
> 
> Fix this bug by checking the value of data->block[0] first.
> 
> Similar commits:
> 1. commit 39244cc7548 ("i2c: ismt: Fix an out-of-bounds bug in
> ismt_access()")
> 2. commit 92fbb6d1296 ("i2c: xgene-slimpro: Fix out-of-bounds
> bug in xgene_slimpro_i2c_xfer()")
[...]

Please correct me if I am wrong, but it looks like this fix has not yet been applied to the tree.
But Chris Packham pointed out that this conflicts with my fixes for SMBUS/
SMBUS_I2C.

I would like to add my patchset on top of this (to avoid problems with stable 
submission) and add the Fixes: and Cc: stable@vger.kernel.org.

I hope it is OK with you if I pick this up. I would resubmit the fixes
patchset this evening (GMT+2).

You can preview it at 
https://git.open-mesh.org/linux-merge.git/log/?h=b4/i2c-rtl9300-multi-byte

Kind regards,
	Sven

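Added example, not part of this thread and not the rtl9300 driver's code: a userspace C model of the bug class the quoted commit message describes, where the caller-supplied length byte `block[0]` has to be range-checked before it is used as a copy length. The names `smbus_data_model`, `fake_controller`, `stage_block_write` and `try_len` are hypothetical; the buffer layout and `I2C_SMBUS_BLOCK_MAX` (32) mirror the kernel's `include/uapi/linux/i2c.h`, and the exact bounds chosen here are an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the SMBus block buffer from include/uapi/linux/i2c.h. */
#define I2C_SMBUS_BLOCK_MAX 32
union smbus_data_model {
    uint8_t block[I2C_SMBUS_BLOCK_MAX + 2]; /* block[0] = length from the caller */
};

/* Hypothetical stand-in for a controller's transmit staging buffer. */
struct fake_controller {
    uint8_t tx[I2C_SMBUS_BLOCK_MAX];
    size_t  tx_len;
};

/*
 * Stage a block write. block[0] can hold 0..255, but only 32 payload bytes
 * fit in the staging buffer, so reject anything outside 1..32 before the
 * value is ever used as a copy length.
 */
int stage_block_write(struct fake_controller *c, const union smbus_data_model *d)
{
    uint8_t len = d->block[0];

    if (len < 1 || len > I2C_SMBUS_BLOCK_MAX)
        return -EINVAL;
    memcpy(c->tx, &d->block[1], len);
    c->tx_len = len;
    return 0;
}

/* Build a constructed request with the given length byte; return the
 * staged length on success or the negative errno on rejection. */
int try_len(unsigned int len)
{
    struct fake_controller c = { .tx_len = 0 };
    union smbus_data_model d;
    int ret;

    memset(&d, 0xA5, sizeof(d));
    d.block[0] = (uint8_t)len;
    ret = stage_block_write(&c, &d);
    return ret ? ret : (int)c.tx_len;
}

int main(void)
{
    unsigned int t[] = { 0, 1, 32, 33, 255 };
    for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
        printf("block[0]=%u -> %d\n", t[i], try_len(t[i]));
    return 0;
}
```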

Thread overview: 6+ messages
2025-06-15 23:52 [PATCH] i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer Alex Guo
2025-06-16  0:59 ` Chris Packham
2025-08-04  8:18 ` Sven Eckelmann [this message]
2025-08-04  9:17   ` Wolfram Sang
2025-08-08 17:45     ` Sven Eckelmann
2025-08-09  9:09       ` Wolfram Sang
