From: Krzysztof Kozlowski <krzk@kernel.org>
To: Thorsten Blum <thorsten.blum@linux.dev>
Cc: David Laight <david.laight.linux@gmail.com>,
Huisong Li <lihuisong@huawei.com>,
Akira Shimahara <akira215corp@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] w1: therm: Fix off-by-one buffer overflow in alarms_store
Date: Tue, 11 Nov 2025 10:37:16 +0100 [thread overview]
Message-ID: <10440fd8-aa78-4d73-a927-1f808fbc42c7@kernel.org> (raw)
In-Reply-To: <9DA6251C-C725-46F2-899A-5CF2BE39982E@linux.dev>
On 09/11/2025 23:11, Thorsten Blum wrote:
> On 9. Nov 2025, at 19:29, Krzysztof Kozlowski wrote:
>> On 30/10/2025 16:56, Thorsten Blum wrote:
>>> - /* Convert 2nd entry to int */
>>> - ret = kstrtoint (token, 10, &temp);
>>> - if (ret) {
>>> - dev_info(device,
>>> - "%s: error parsing args %d\n", __func__, ret);
>>> - goto free_m;
>>> + p = endp + 1;
>>> + temp = simple_strtol(p, &endp, 10);
>>> + if (temp < INT_MIN || temp > INT_MAX || p == endp) {
>>> + dev_info(device, "%s: error parsing args %d\n",
>>> + __func__, -EINVAL);
>>> + goto err;
>>> }
>>> + /* Cast to short to eliminate out of range values */
>>> + th = int_to_short((int)temp);
>>>
>>> - /* Prepare to cast to short by eliminating out of range values */
>>> - th = int_to_short(temp);
>>> -
>>> - /* Reorder if required th and tl */
>>> + /* Reorder if required */
>>> if (tl > th)
>>> swap(tl, th);
>>>
>>> @@ -1897,35 +1870,30 @@ static ssize_t alarms_store(struct device *device,
>>> * (th : byte 2 - tl: byte 3)
>>> */
>>> ret = read_scratchpad(sl, &info);
>>> - if (!ret) {
>>> - new_config_register[0] = th; /* Byte 2 */
>>> - new_config_register[1] = tl; /* Byte 3 */
>>> - new_config_register[2] = info.rom[4];/* Byte 4 */
>>> - } else {
>>> - dev_info(device,
>>> - "%s: error reading from the slave device %d\n",
>>> - __func__, ret);
>>> - goto free_m;
>>> + if (ret) {
>>> + dev_info(device, "%s: error reading from the slave device %d\n",
>>> + __func__, ret);
>>> + goto err;
>>> }
>>> + new_config_register[0] = th; /* Byte 2 */
>>> + new_config_register[1] = tl; /* Byte 3 */
>>> + new_config_register[2] = info.rom[4]; /* Byte 4 *
>>
>> How is this change related?
>
> Not related, but I thought when I'm already rewriting 80% of the
> function, I might as well just improve the indentation/formatting.
Fix of buffer overflow should not contain any style changes. And
definitely changing if/else logic is just style.
Best regards,
Krzysztof
next prev parent reply other threads:[~2025-11-11 9:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-30 15:56 [PATCH v3] w1: therm: Fix off-by-one buffer overflow in alarms_store Thorsten Blum
2025-11-09 18:29 ` Krzysztof Kozlowski
2025-11-09 22:11 ` Thorsten Blum
2025-11-11 9:37 ` Krzysztof Kozlowski [this message]
2025-11-09 22:50 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10440fd8-aa78-4d73-a927-1f808fbc42c7@kernel.org \
--to=krzk@kernel.org \
--cc=akira215corp@gmail.com \
--cc=david.laight.linux@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=lihuisong@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=thorsten.blum@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).