lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 27 Feb 2020 11:15:55 +0000
From:   Walter Harms <wharms@....de>
To:     Colin King <colin.king@...onical.com>,
        Lee Jones <lee.jones@...aro.org>,
        Daniel Thompson <daniel.thompson@...aro.org>,
        Jingoo Han <jingoohan1@...il.com>,
        Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
        Gyungoh Yoo <jack.yoo@...worksinc.com>,
        Bryan Wu <cooloney@...il.com>,
        "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
        "linux-fbdev@...r.kernel.org" <linux-fbdev@...r.kernel.org>
CC:     "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: AW: [PATCH][V2] backlight: sky81452: insure while loop does not allow
 negative array indexing

hi all,
i would suggest converting this in to a more common for() loop.
Programmers are bad in counting backwards. that kind of bug is 
common.

re,
 wh
________________________________________
Von: kernel-janitors-owner@...r.kernel.org <kernel-janitors-owner@...r.kernel.org> im Auftrag von Colin King <colin.king@...onical.com>
Gesendet: Mittwoch, 26. Februar 2020 20:58
An: Lee Jones; Daniel Thompson; Jingoo Han; Bartlomiej Zolnierkiewicz; Gyungoh Yoo; Bryan Wu; dri-devel@...ts.freedesktop.org; linux-fbdev@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org; linux-kernel@...r.kernel.org
Betreff: [PATCH][V2] backlight: sky81452: insure while loop does not allow negative array indexing

From: Colin Ian King <colin.king@...onical.com>

In the unlikely event that num_entry is zero, the while loop
pre-decrements num_entry to cause negative array indexing into the
array sources. Fix this by iterating only if num_entry >= 0.

Addresses-Coverity: ("Out-of-bounds read")
Fixes: f705806c9f35 ("backlight: Add support Skyworks SKY81452 backlight driver")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---

V2: fix typo in commit subject line

---
 drivers/video/backlight/sky81452-backlight.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/video/backlight/sky81452-backlight.c b/drivers/video/backlight/sky81452-backlight.c
index 2355f00f5773..f456930ce78e 100644
--- a/drivers/video/backlight/sky81452-backlight.c
+++ b/drivers/video/backlight/sky81452-backlight.c
@@ -200,7 +200,7 @@ static struct sky81452_bl_platform_data *sky81452_bl_parse_dt(
                }

                pdata->enable = 0;
-               while (--num_entry)
+               while (--num_entry >= 0)
                        pdata->enable |= (1 << sources[num_entry]);
 
              int i;
                for(i=0;i<num_entry;i++)
                         pdata->enable |= (1 << sources[i]);

        }

--
2.25.0

Powered by blists - more mailing lists