| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2017 18:37:49 -0600
From: Andy Gross <andy.gross@...aro.org>
To: Bjorn Andersson <bjorn.andersson@...aro.org>
Cc: Ohad Ben-Cohen <ohad@...ery.com>,
David Brown <david.brown@...aro.org>,
linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-msm@...r.kernel.org, linux-soc@...r.kernel.org,
Dan Carpenter <dan.carpenter@...cle.com>,
Stanimir Varbanov <stanimir.varbanov@...aro.org>
Subject: Re: [PATCH] remoteproc: qcom: mdt_loader: Use signed type for offset
On Wed, Feb 15, 2017 at 02:00:41PM -0800, Bjorn Andersson wrote:
> In the transition from using rproc_da_to_va(), the type of the load
> offset became unsigned. This causes the subsequent check to let negative
> values less than p_memsz + mem_size through and we write outside of the
> buffer.
>
> Change the type back to a signed value to catch this.
>
> Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader")
> Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader")
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Reported-by: Stanimir Varbanov <stanimir.varbanov@...aro.org>
> Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
Acked-by: Andy Gross <andy.gross@...aro.org>
Powered by blists - more mailing lists