lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Sep 2017 15:39:25 +0200
From:   Richard Weinberger <richard@....at>
To:     Boris Brezillon <boris.brezillon@...e-electrons.com>
Cc:     linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        marek.vasut@...il.com, cyrille.pitchen@...ev4u.fr,
        computersforpeace@...il.com, dwmw2@...radead.org
Subject: Re: [PATCH] mtd: spi-nor: Check for spi_nor_hwcaps_read2cmd() return value

Am Montag, 18. September 2017, 11:39:45 CEST schrieb Boris Brezillon:
> On Sun, 17 Sep 2017 11:57:50 +0200
> 
> Richard Weinberger <richard@....at> wrote:
> > The function can return a negativ value in case of errors,
> > don't use it blindly as array index.
> > 
> > Detected by CoverityScan CID#1418067 ("Memory - illegal accesses")
> > Fixes: f384b352cbf0 ("mtd: spi-nor: parse Serial Flash Discoverable
> > Parameters (SFDP) tables")
> 
> Hm, not sure but I think "Fixes:" should not be wrapped.

Hmm, vi tried to be smart. ;-\ 

> 
> > Signed-off-by: Richard Weinberger <richard@....at>
> > ---
> > 
> >  drivers/mtd/spi-nor/spi-nor.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
> > index cf1d4a15e10a..d71765739a93 100644
> > --- a/drivers/mtd/spi-nor/spi-nor.c
> > +++ b/drivers/mtd/spi-nor/spi-nor.c
> > @@ -2145,6 +2145,9 @@ static int spi_nor_parse_bfpt(struct spi_nor *nor,
> > 
> >  		params->hwcaps.mask |= rd->hwcaps;
> >  		cmd = spi_nor_hwcaps_read2cmd(rd->hwcaps);
> > 
> > +		if (cmd < 0)
> > +			return -EINVAL;
> 
> Why not returning cmd directly?

I thought about that too but the only other user of that function also returns
-EINVAL upon error.
Maybe Cyrille can give more input whether we should propagate 
spi_nor_hwcaps_read2cmd()'s return values or not.

Thanks,
//richard

Powered by blists - more mailing lists