| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170221034825.GV21911@vireshk-i7>
Date: Tue, 21 Feb 2017 09:18:25 +0530
From: Viresh Kumar <viresh.kumar@...aro.org>
To: Andrzej Hajda <a.hajda@...sung.com>
Cc: Viresh Kumar <vireshk@...nel.org>, Nishanth Menon <nm@...com>,
Stephen Boyd <sboyd@...eaurora.org>,
"Rafael J. Wysocki" <rjw@...ysocki.net>, linux-pm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
Marek Szyprowski <m.szyprowski@...sung.com>
Subject: Re: [PATCH] PM / OPP: fix off-by-one bug in
dev_pm_opp_get_max_volt_latency loop
On 20-02-17, 19:57, Andrzej Hajda wrote:
> Reading array at given index before checking if index is valid results in
> illegal memory access.
>
> The bug was detected using KASAN framework.
>
> Signed-off-by: Andrzej Hajda <a.hajda@...sung.com>
> ---
> drivers/base/power/opp/core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c
> index 91ec323..dae6172 100644
> --- a/drivers/base/power/opp/core.c
> +++ b/drivers/base/power/opp/core.c
> @@ -231,7 +231,8 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
> * The caller needs to ensure that opp_table (and hence the regulator)
> * isn't freed, while we are executing this routine.
> */
> - for (i = 0; reg = regulators[i], i < count; i++) {
> + for (i = 0; i < count; i++) {
> + reg = regulators[i];
> ret = regulator_set_voltage_time(reg, uV[i].min, uV[i].max);
> if (ret > 0)
> latency_ns += ret * 1000;
Acked-by: Viresh Kumar <viresh.kumar@...aro.org>
--
viresh
Powered by blists - more mailing lists