lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 3 Mar 2012 08:54:43 +0100
From:	Ingo Molnar <>
To:	Dan Carpenter <>
Cc:	"H. Peter Anvin" <>,
	Thomas Gleixner <>,
	Ingo Molnar <>,,
	Matt Fleming <>,
	Maarten Lankhorst <>,,
Subject: Re: [patch] x86, efi: fix pointer math issue in handle_ramdisks()

* Dan Carpenter <> wrote:

> "filename" is a efi_char16_t string so this check for reaching 
> the end of the array doesn't work.  We need to cast it to char 
> pointer before doing the math.

That name should really be changed, 'filename' is a char * by 
convention pretty much everywhere in the kernel - so the current 
naming is highly misleading and results in bugs like this.

filename_16, filename_2byte or filename_UTF or so would be 
suggestive enough to avoid such mishaps in the future.

> @@ -559,7 +559,7 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image,
>  			str++;
>  		while (*str && *str != ' ' && *str != '\n') {
> -			if (p >= filename + sizeof(filename))
> +			if ((char *)p >= (char *)filename + sizeof(filename))
>  				break;

I'd also make that void *, because this isnt really a C 
character string anymore.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists