From: "Александр Бураков" <a.burakov@rosalinux.ru>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Frank Haverkamp <haver@linux.ibm.com>,
Arnd Bergmann <arnd@arndb.de>,
linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: Re: [PATCH 2/2] misc: genwqe: card_dev: Array index overflow fix in ddcb_cmd_fixups()
Date: Thu, 8 Dec 2022 13:55:01 +0300 (MSK) [thread overview]
Message-ID: <1315574310.3286650.1670496901569.JavaMail.zimbra@rosalinux.ru> (raw)
In-Reply-To: <Y5C98NpQr2G1bkvs@kroah.com>
Hello!
The subject was created this way due to technical issues. There is only one patch here.
With best regards,
A. Burakov
----- Исходное сообщение -----
От: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
Кому: "Александр Бураков" <a.burakov@rosalinux.ru>
Копия: "Frank Haverkamp" <haver@linux.ibm.com>, "Arnd Bergmann" <arnd@arndb.de>, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Отправленные: Среда, 7 Декабрь 2022 г 19:23:12
Тема: Re: [PATCH 2/2] misc: genwqe: card_dev: Array index overflow fix in ddcb_cmd_fixups()
On Wed, Dec 07, 2022 at 05:18:08PM +0300, Aleksandr Burakov wrote:
> &cmd->asiv of size 96 can overflow because its index (asiv_offs + 8)
> can be equal to 96 (0x58 + 0x08) that is out of range.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Aleksandr Burakov <a.burakov@rosalinux.ru>
> Fixes: eaf4722d4645 ("GenWQE Character device and DDCB queue")
> ---
> drivers/misc/genwqe/card_dev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/genwqe/card_dev.c b/drivers/misc/genwqe/card_dev.c
> index 55fc5b80e649..d58ce2622307 100644
> --- a/drivers/misc/genwqe/card_dev.c
> +++ b/drivers/misc/genwqe/card_dev.c
> @@ -867,7 +867,7 @@ static int ddcb_cmd_fixups(struct genwqe_file *cfile, struct ddcb_requ *req)
> struct genwqe_ddcb_cmd *cmd = &req->cmd;
> struct dma_mapping *m;
>
> - for (i = 0, asiv_offs = 0x00; asiv_offs <= 0x58;
> + for (i = 0, asiv_offs = 0x00; asiv_offs < 0x58;
> i++, asiv_offs += 0x08) {
>
> u64 u_addr;
> --
> 2.25.1
>
Where is patch 1/2 of this series?
next prev parent reply other threads:[~2022-12-08 11:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-07 14:18 [PATCH] media: v4l2-flash: fix NULL dereference in v4l2_flash_s_ctrl() Aleksandr Burakov
2022-12-07 14:18 ` [PATCH 2/2] misc: genwqe: card_dev: Array index overflow fix in ddcb_cmd_fixups() Aleksandr Burakov
2022-12-07 16:23 ` Greg Kroah-Hartman
2022-12-08 10:55 ` Александр Бураков [this message]
2022-12-08 13:16 ` Greg Kroah-Hartman
2023-01-16 21:01 ` [PATCH] media: v4l2-flash: fix NULL dereference in v4l2_flash_s_ctrl() Sakari Ailus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1315574310.3286650.1670496901569.JavaMail.zimbra@rosalinux.ru \
--to=a.burakov@rosalinux.ru \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=haver@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox