From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4DA00C433EF for ; Sun, 3 Apr 2022 10:40:34 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6871183B1E; Sun, 3 Apr 2022 12:39:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="cVAHJZdy"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EA3E983B1B; Sun, 3 Apr 2022 12:39:36 +0200 (CEST) Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com [IPv6:2a00:1450:4864:20::34a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7792E83ADB for ; Sun, 3 Apr 2022 12:39:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3XnlJYgYKBo8tBvD44z77z4x.v75D-u77C41BCB.wx6G.wx@flex--ascull.bounces.google.com Received: by mail-wm1-x34a.google.com with SMTP id 189-20020a1c02c6000000b0038e6c4c6472so1197721wmc.1 for ; Sun, 03 Apr 2022 03:39:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=VNDpGGnA/sVo4NYxEES/bQ2zsGQhJ/f3gMMFeGJp/zU=; b=cVAHJZdyJkGW5Asmb0GXFzPmEq9WFsVJLXO2qHQGADN89HF/wDXuxOyfScj6+QyyWY tW1OfVBNyJyb3uCss5UGngJS6+SAS+raMrvx2s+GTU3Ju3KNHLf+Ms1NZd2/UmS5IsOe DYwFH6ffD+HxBmqwyy1/wmo7QkSGlWeRRyxHvmuq5zAZge6/sr3387PJeNZu54nAttJh DZvImuxXp7wR/BPUExSIL6t4zgMwvnoXiaQruMbRm8tzBrcPjpVoIgHzYYAcYUXDyM7s BcmJLizpR3Kq/xMaqA/tkGYDPldpUZ05K2817XzeBeHiwFW0VGSzjF2eZ1JouaGsQ2kv d4tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=VNDpGGnA/sVo4NYxEES/bQ2zsGQhJ/f3gMMFeGJp/zU=; b=sHsG7sa3EC65A6Isu87WDJzl/3SQ4HDhMDCpAwnEpHkxhwj0pv8681YEOVUk7aysdK 8WUB2HZj3i6GEXD15QqQSesTmHo8kIwzemhoy6+hcJ6dYzi0kfp2R2hsCd8Lk5o8R1Fx z16TognN/6OaPklQYkwbOjieeIykiqafGZ7eTKCzIt3mxNsOQlAHYhxVMJG5MDy6XMDK 9tI0cr5KPqE/BliupMlSUZPaQ48FCfAudZFA+Ng3Dz1GxtlqZJM2mg89m7IF9m3YKlwo F2nLev5cixIm6LL1SSbkivDGIFFDcbj9SF7wevr7UCRXq7zvnei02M5XzPz3XFLb+i19 52hQ== X-Gm-Message-State: AOAM532vmdJOIModubqjnS1aJIbIr19aUjCm1nAx1/6Ty4p/Rx8hoCAs mleyyMVsnXTHohX7/yyfepn8PFR6rY0PoexZcVe6WmvW/6Yj/HgJUGhV6/k6CcIng+ON7KOOez6 y2w57d+oeFKjzndhBlq0RwYqiTl5MBcOWWYw/AByZXRw3Nsm123Tk1jA1O+4= X-Google-Smtp-Source: ABdhPJyfQZrYC18krDzzJCuOPMH8Duoa3TMFF+/vNe3l9O1Cpnf3XViwSC88vsM58WTpcYmMDBzAb4c/pk8= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a1c:35c7:0:b0:38e:4c59:6788 with SMTP id c190-20020a1c35c7000000b0038e4c596788mr834211wma.1.1648982366633; Sun, 03 Apr 2022 03:39:26 -0700 (PDT) Date: Sun, 3 Apr 2022 10:39:11 +0000 In-Reply-To: <20220403103915.3338027-1-ascull@google.com> Message-Id: <20220403103915.3338027-5-ascull@google.com> Mime-Version: 1.0 References: <20220403103915.3338027-1-ascull@google.com> X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog Subject: [PATCH 4/8] usb: sandbox: Check for string end in copy_to_unicode() From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, seanga2@gmail.com, Andrew Scull , Marek Vasut Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean When copying the string in copy_to_unicode(), check for the null terminator in each position, not just at the start, to avoid reading beyond the end of the string. Signed-off-by: Andrew Scull Cc: Simon Glass Cc: Marek Vasut --- drivers/usb/emul/usb-emul-uclass.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/usb/emul/usb-emul-uclass.c b/drivers/usb/emul/usb-emul-uclass.c index 05f6d3d9e2..b31dc950e3 100644 --- a/drivers/usb/emul/usb-emul-uclass.c +++ b/drivers/usb/emul/usb-emul-uclass.c @@ -15,13 +15,12 @@ static int copy_to_unicode(char *buff, int length, const char *str) { int ptr; - int i; if (length < 2) return 0; buff[1] = USB_DT_STRING; - for (ptr = 2, i = 0; ptr + 1 < length && *str; i++, ptr += 2) { - buff[ptr] = str[i]; + for (ptr = 2; ptr + 1 < length && *str; str++, ptr += 2) { + buff[ptr] = *str; buff[ptr + 1] = 0; } buff[0] = ptr; -- 2.35.1.1094.g7c7d902a7c-goog