From: Kent Gibson <warthog618@gmail.com>
To: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org,
linus.walleij@linaro.org
Subject: Re: [PATCH] gpio-sim: fix memory corruption when adding named lines and unnamed hogs
Date: Tue, 6 Jun 2023 18:18:59 +0800 [thread overview]
Message-ID: <ZH8IE5KLI73YyXEy@sol> (raw)
In-Reply-To: <CAMRc=MfdusMAqfjnQTi_-DdjeLHQzywpk=zpKaQjahy6_gds0Q@mail.gmail.com>
On Tue, Jun 06, 2023 at 12:01:53PM +0200, Bartosz Golaszewski wrote:
> On Tue, Jun 6, 2023 at 7:13 AM Kent Gibson <warthog618@gmail.com> wrote:
> >
> > When constructing the sim, gpio-sim constructs an array of named lines,
> > sized based on the largest offset of any named line, and then initializes
> > that array with the names of all lines, including unnamed hogs with higher
> > offsets. In doing so it writes NULLs beyond the extent of the array.
> >
> > Add a check that only named lines are used to initialize the array.
> >
> > Fixes: cb8c474e79be ("gpio: sim: new testing module")
> > Signed-off-by: Kent Gibson <warthog618@gmail.com>
> > ---
> >
> > After writing the comment above, and looking at the code again, it may be
> > clearer to instead check that the offset is within the bounds of the
> > array. Or do both. Consider that my review.
> >
>
> Like:
>
> if (line->offset <= max_offset)
> line_names[line->offset] = line->name;
>
> ? If so, then I agree it makes the purpose of the check clearer.
>
Using line_names_size might be even clearer.
So, either that or
if (line->name && (line->offset <= max_offset))
line_names[line->offset] = line->name;
to also not repeat the zeroing that the kcalloc() did.
Too many options. Let me know which you prefer.
Cheers,
Kent.
next prev parent reply other threads:[~2023-06-06 10:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-06 5:13 [PATCH] gpio-sim: fix memory corruption when adding named lines and unnamed hogs Kent Gibson
2023-06-06 10:01 ` Bartosz Golaszewski
2023-06-06 10:18 ` Kent Gibson [this message]
2023-06-06 11:33 ` Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZH8IE5KLI73YyXEy@sol \
--to=warthog618@gmail.com \
--cc=brgl@bgdev.pl \
--cc=linus.walleij@linaro.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.