| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Apr 2020 12:59:48 +0100
From: Jonathan Cameron <jic23@...nel.org>
To: "Ardelean, Alexandru" <alexandru.Ardelean@...log.com>
Cc: "stefan.popa@...log.com" <stefan.popa@...log.com>,
"Tachici, Alexandru" <Alexandru.Tachici@...log.com>,
"Caprioru, Mircea" <Mircea.Caprioru@...log.com>,
"linux-iio@...r.kernel.org" <linux-iio@...r.kernel.org>,
"colin.king@...onical.com" <colin.king@...onical.com>,
"Hennerich, Michael" <Michael.Hennerich@...log.com>,
"lars@...afoo.de" <lars@...afoo.de>,
"knaack.h@....de" <knaack.h@....de>,
"pmeerw@...erw.net" <pmeerw@...erw.net>,
"kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][next] iio: dac: ad5770r: fix off-by-one check on
maximum number of channels
On Fri, 3 Apr 2020 13:26:00 +0000
"Ardelean, Alexandru" <alexandru.Ardelean@...log.com> wrote:
> On Fri, 2020-04-03 at 13:58 +0100, Colin King wrote:
> > [External]
> >
> > From: Colin Ian King <colin.king@...onical.com>
> >
> > Currently there is an off-by-one check on the number of channels that
> > will cause an arry overrun in array st->output_mode when calling the
> > function d5770r_store_output_range. Fix this by using >= rather than >
> > to check for maximum number of channels.
> >
>
> Reviewed-by: Alexandru Ardelean <alexandru.ardelean@...log.com>
>
> > Addresses-Coverity: ("Out-of-bounds access")
> > Fixes: cbbb819837f6 ("iio: dac: ad5770r: Add AD5770R support")
> > Signed-off-by: Colin Ian King <colin.king@...onical.com>
Applied to the fixes-togreg branch of iio.git.
thanks
Jonathan
> > ---
> > drivers/iio/dac/ad5770r.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/iio/dac/ad5770r.c b/drivers/iio/dac/ad5770r.c
> > index a98ea76732e7..2d7623b9b2c0 100644
> > --- a/drivers/iio/dac/ad5770r.c
> > +++ b/drivers/iio/dac/ad5770r.c
> > @@ -525,7 +525,7 @@ static int ad5770r_channel_config(struct ad5770r_state
> > *st)
> > ret = fwnode_property_read_u32(child, "num", &num);
> > if (ret)
> > return ret;
> > - if (num > AD5770R_MAX_CHANNELS)
> > + if (num >= AD5770R_MAX_CHANNELS)
> > return -EINVAL;
> >
> > ret = fwnode_property_read_u32_array(child,
Powered by blists - more mailing lists