lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2017 18:37:49 -0600 From: Andy Gross <andy.gross@...aro.org> To: Bjorn Andersson <bjorn.andersson@...aro.org> Cc: Ohad Ben-Cohen <ohad@...ery.com>, David Brown <david.brown@...aro.org>, linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org, linux-soc@...r.kernel.org, Dan Carpenter <dan.carpenter@...cle.com>, Stanimir Varbanov <stanimir.varbanov@...aro.org> Subject: Re: [PATCH] remoteproc: qcom: mdt_loader: Use signed type for offset On Wed, Feb 15, 2017 at 02:00:41PM -0800, Bjorn Andersson wrote: > In the transition from using rproc_da_to_va(), the type of the load > offset became unsigned. This causes the subsequent check to let negative > values less than p_memsz + mem_size through and we write outside of the > buffer. > > Change the type back to a signed value to catch this. > > Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader") > Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader") > Reported-by: Dan Carpenter <dan.carpenter@...cle.com> > Reported-by: Stanimir Varbanov <stanimir.varbanov@...aro.org> > Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org> Acked-by: Andy Gross <andy.gross@...aro.org>
Powered by blists - more mailing lists