lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jan 2022 18:37:50 +0000 From: Jonathan Cameron <jic23@...nel.org> To: "Tanislav, Cosmin" <Cosmin.Tanislav@...log.com>, Lars-Peter Clausen <lars@...afoo.de> Cc: Kees Cook <keescook@...omium.org>, "Hennerich, Michael" <Michael.Hennerich@...log.com>, "linux-iio@...r.kernel.org" <linux-iio@...r.kernel.org>, Linus Walleij <linus.walleij@...aro.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org> Subject: Re: [PATCH v2] iio: addac: Do not reference negative array offsets On Sat, 15 Jan 2022 18:12:02 +0000 Jonathan Cameron <jic23@...nel.org> wrote: > On Thu, 6 Jan 2022 06:31:55 +0000 > "Tanislav, Cosmin" <Cosmin.Tanislav@...log.com> wrote: > > > Reviewed-by: Cosmin Tanislav <cosmin.tanislav@...log.com> > > > > Put "iio: addac: ad74413r:" in patch title, maybe? > I can fix that up whilst applying. Ah. I see you already sent it again. Thanks as that's even easier. Jonathan > > I'll pick this up after rc1 is out. > > Thanks, > > Jonathan > > > > > > -----Original Message----- > > > From: Kees Cook <keescook@...omium.org> > > > Sent: Wednesday, January 5, 2022 8:02 PM > > > To: Lars-Peter Clausen <lars@...afoo.de> > > > Cc: Kees Cook <keescook@...omium.org>; Hennerich, Michael > > > <Michael.Hennerich@...log.com>; Tanislav, Cosmin > > > <Cosmin.Tanislav@...log.com>; Jonathan Cameron <jic23@...nel.org>; > > > linux-iio@...r.kernel.org; Linus Walleij <linus.walleij@...aro.org>; linux- > > > kernel@...r.kernel.org; linux-hardening@...r.kernel.org > > > Subject: [PATCH v2] iio: addac: Do not reference negative array offsets > > > > > > [External] > > > > > > Instead of aiming rx_buf at an invalid array-boundary-crossing location, > > > just skip the first increment. Fixes this warning seen when building > > > with -Warray-bounds: > > > > > > drivers/iio/addac/ad74413r.c: In function 'ad74413r_update_scan_mode': > > > drivers/iio/addac/ad74413r.c:843:22: warning: array subscript -4 is below > > > array bounds of 'u8[16]' { aka 'unsigned char[16]'} [-Warray-bounds] > > > 843 | u8 *rx_buf = &st->adc_samples_buf.rx_buf[-1 * > > > AD74413R_FRAME_SIZE]; > > > | > > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > drivers/iio/addac/ad74413r.c:84:20: note: while referencing 'rx_buf' > > > 84 | u8 rx_buf[AD74413R_FRAME_SIZE * > > > AD74413R_CHANNEL_MAX]; > > > | ^~~~~~ > > > > > > Cc: Lars-Peter Clausen <lars@...afoo.de> > > > Cc: Michael Hennerich <Michael.Hennerich@...log.com> > > > Cc: Cosmin Tanislav <cosmin.tanislav@...log.com> > > > Cc: Jonathan Cameron <jic23@...nel.org> > > > Cc: linux-iio@...r.kernel.org > > > Fixes: fea251b6a5db ("iio: addac: add AD74413R driver") > > > Signed-off-by: Kees Cook <keescook@...omium.org> > > > --- > > > v1: > > > https://urldefense.com/v3/__https://lore.kernel.org/lkml/20211215232321. > > > 2069314-1- > > > keescook@...omium.org/__;!!A3Ni8CS0y2Y!vadcwdERjyNVz3vFIp5m5S2ms > > > oFHro8aKzH9ulwPevCKHpev6D53gibZrv5U9mPHGcoB$ > > > v2: > > > - use "xfer" for checking "first through the loop" > > > --- > > > drivers/iio/addac/ad74413r.c | 7 ++++--- > > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > > > diff --git a/drivers/iio/addac/ad74413r.c b/drivers/iio/addac/ad74413r.c > > > index 5271073bb74e..aba9a643a4ca 100644 > > > --- a/drivers/iio/addac/ad74413r.c > > > +++ b/drivers/iio/addac/ad74413r.c > > > @@ -840,7 +840,7 @@ static int ad74413r_update_scan_mode(struct iio_dev > > > *indio_dev, > > > { > > > struct ad74413r_state *st = iio_priv(indio_dev); > > > struct spi_transfer *xfer = st->adc_samples_xfer; > > > - u8 *rx_buf = &st->adc_samples_buf.rx_buf[-1 * > > > AD74413R_FRAME_SIZE]; > > > + u8 *rx_buf = st->adc_samples_buf.rx_buf; > > > u8 *tx_buf = st->adc_samples_tx_buf; > > > unsigned int channel; > > > int ret = -EINVAL; > > > @@ -894,9 +894,10 @@ static int ad74413r_update_scan_mode(struct > > > iio_dev *indio_dev, > > > > > > spi_message_add_tail(xfer, &st->adc_samples_msg); > > > > > > - xfer++; > > > tx_buf += AD74413R_FRAME_SIZE; > > > - rx_buf += AD74413R_FRAME_SIZE; > > > + if (xfer != st->adc_samples_xfer) > > > + rx_buf += AD74413R_FRAME_SIZE; > > > + xfer++; > > > } > > > > > > xfer->rx_buf = rx_buf; > > > -- > > > 2.30.2 > > >
Powered by blists - more mailing lists