| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cb14e57edc1c4f3a81b0aef6f1099b9c@bfs.de>
Date: Thu, 27 Feb 2020 11:15:55 +0000
From: Walter Harms <wharms@....de>
To: Colin King <colin.king@...onical.com>,
Lee Jones <lee.jones@...aro.org>,
Daniel Thompson <daniel.thompson@...aro.org>,
Jingoo Han <jingoohan1@...il.com>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
Gyungoh Yoo <jack.yoo@...worksinc.com>,
Bryan Wu <cooloney@...il.com>,
"dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
"linux-fbdev@...r.kernel.org" <linux-fbdev@...r.kernel.org>
CC: "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: AW: [PATCH][V2] backlight: sky81452: insure while loop does not allow
negative array indexing
hi all,
i would suggest converting this in to a more common for() loop.
Programmers are bad in counting backwards. that kind of bug is
common.
re,
wh
________________________________________
Von: kernel-janitors-owner@...r.kernel.org <kernel-janitors-owner@...r.kernel.org> im Auftrag von Colin King <colin.king@...onical.com>
Gesendet: Mittwoch, 26. Februar 2020 20:58
An: Lee Jones; Daniel Thompson; Jingoo Han; Bartlomiej Zolnierkiewicz; Gyungoh Yoo; Bryan Wu; dri-devel@...ts.freedesktop.org; linux-fbdev@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org; linux-kernel@...r.kernel.org
Betreff: [PATCH][V2] backlight: sky81452: insure while loop does not allow negative array indexing
From: Colin Ian King <colin.king@...onical.com>
In the unlikely event that num_entry is zero, the while loop
pre-decrements num_entry to cause negative array indexing into the
array sources. Fix this by iterating only if num_entry >= 0.
Addresses-Coverity: ("Out-of-bounds read")
Fixes: f705806c9f35 ("backlight: Add support Skyworks SKY81452 backlight driver")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
V2: fix typo in commit subject line
---
drivers/video/backlight/sky81452-backlight.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/backlight/sky81452-backlight.c b/drivers/video/backlight/sky81452-backlight.c
index 2355f00f5773..f456930ce78e 100644
--- a/drivers/video/backlight/sky81452-backlight.c
+++ b/drivers/video/backlight/sky81452-backlight.c
@@ -200,7 +200,7 @@ static struct sky81452_bl_platform_data *sky81452_bl_parse_dt(
}
pdata->enable = 0;
- while (--num_entry)
+ while (--num_entry >= 0)
pdata->enable |= (1 << sources[num_entry]);
int i;
for(i=0;i<num_entry;i++)
pdata->enable |= (1 << sources[i]);
}
--
2.25.0
Powered by blists - more mailing lists