| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2011 12:48:42 +0900 From: Mark Brown <broonie@...nsource.wolfsonmicro.com> To: Axel Lin <axel.lin@...il.com> Cc: linux-kernel@...r.kernel.org, Graeme Gregory <gg@...mlogic.co.uk>, Jorge Eduardo Candelaria <jedu@...mlogic.co.uk>, Liam Girdwood <lrg@...com> Subject: Re: [PATCH] regulator: tps65910: Fix array access out of bounds bug On Mon, Jul 11, 2011 at 09:57:43AM +0800, Axel Lin wrote: > For tps65910, the number of regulator is 13. ( ARRAY_SIZE(tps65910_regs) is 13) > For tps65911, the number of regulator is 12. ( ARRAY_SIZE(tps65911_regs) is 12) > If we are using this driver for tps65911, > we hit array access out of bounds bug in tps65910_probe() because > current implementation always assume the number of regulator is 13 and > thus it will access tps65911_regs[12]. > > Fix it by setting correct num_regulators for both chips in tps65910_probe(), > and allocated neccessay memory accordingly. Acked-by: Mark Brown <broonie@...nsource.wolfsonmicro.com> This patch would be much less invasive if you didn't change to allocating everything dynamically - you could fix the out of bounds issues by just limiting the number of times we go round the array. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists