| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jL-M0jauKK=FCL=hDuwD-rNzHavgpaU9iQGLZ4ziTg4jQ@mail.gmail.com>
Date: Mon, 16 Jul 2018 21:02:33 -0700
From: Kees Cook <keescook@...omium.org>
To: David Airlie <airlied@...ux.ie>
Cc: LKML <linux-kernel@...r.kernel.org>,
Hans Verkuil <hans.verkuil@...co.com>,
Russell King <rmk+kernel@...linux.org.uk>,
Maling list - DRI developers
<dri-devel@...ts.freedesktop.org>
Subject: Re: [PATCH] drm/i2c: tda9950: Remove VLA usage
On Wed, Jun 20, 2018 at 11:27 AM, Kees Cook <keescook@...omium.org> wrote:
> In the quest to remove all stack VLA usage from the kernel[1], this
> sets the buffer to maximum size and adds a sanity check.
>
> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
>
> Signed-off-by: Kees Cook <keescook@...omium.org>
Friendly ping! Who's tree should this go through?
Thanks!
-Kees
> ---
> drivers/gpu/drm/i2c/tda9950.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i2c/tda9950.c b/drivers/gpu/drm/i2c/tda9950.c
> index 3f7396caad48..28314433c351 100644
> --- a/drivers/gpu/drm/i2c/tda9950.c
> +++ b/drivers/gpu/drm/i2c/tda9950.c
> @@ -76,9 +76,12 @@ struct tda9950_priv {
> static int tda9950_write_range(struct i2c_client *client, u8 addr, u8 *p, int cnt)
> {
> struct i2c_msg msg;
> - u8 buf[cnt + 1];
> + u8 buf[CEC_MAX_MSG_SIZE + 3];
> int ret;
>
> + if (WARN_ON(cnt > sizeof(buf)))
> + return -EINVAL;
> +
> buf[0] = addr;
> memcpy(buf + 1, p, cnt);
>
> --
> 2.17.1
>
>
> --
> Kees Cook
> Pixel Security
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists