| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180409210703.3787-1-labbott@redhat.com>
Date: Mon, 9 Apr 2018 14:07:03 -0700
From: Laura Abbott <labbott@...hat.com>
To: Russell King <linux@...linux.org.uk>,
David Airlie <airlied@...ux.ie>
Cc: Laura Abbott <labbott@...hat.com>, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
Kees Cook <keescook@...omium.org>
Subject: [PATCH] drm/i2c: tda998x: Remove VLA usage
There's an ongoing effort to remove VLAs[1] from the kernel to eventually
turn on -Wvla. The vla in reg_write_range is based on the length of data
passed. The one use of a non-constant size for this range is bounded by
the size buffer passed to hdmi_infoframe_pack which is a fixed size.
Switch to this upper bound.
[1] https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Laura Abbott <labbott@...hat.com>
---
This one really feels like it should be a #define but I wasn't sure
where the 32 came from. It looks like most other uses use one of the
#defines in include/linux/hdmi?
---
drivers/gpu/drm/i2c/tda998x_drv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i2c/tda998x_drv.c b/drivers/gpu/drm/i2c/tda998x_drv.c
index 9e67a7b4e3a4..29e2f49601c7 100644
--- a/drivers/gpu/drm/i2c/tda998x_drv.c
+++ b/drivers/gpu/drm/i2c/tda998x_drv.c
@@ -470,7 +470,8 @@ static void
reg_write_range(struct tda998x_priv *priv, u16 reg, u8 *p, int cnt)
{
struct i2c_client *client = priv->hdmi;
- u8 buf[cnt+1];
+ /* This is the maximum size of the buffer passed in */
+ u8 buf[33];
int ret;
buf[0] = REG2ADDR(reg);
--
2.14.3
Powered by blists - more mailing lists