lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210215151414.6542yhluvx3yvbia@ti.com>
Date:   Mon, 15 Feb 2021 20:44:16 +0530
From:   Pratyush Yadav <p.yadav@...com>
To:     Mathieu Dubois-Briand <mbriand@...ekio.com>
CC:     Vignesh Raghavendra <vigneshr@...com>,
        Boris Brezillon <bbrezillon@...nel.org>,
        Richard Weinberger <richard@....at>,
        Tudor Ambarus <tudor.ambarus@...rochip.com>,
        <linux-kernel@...r.kernel.org>, <linux-mtd@...ts.infradead.org>,
        Miquel Raynal <miquel.raynal@...tlin.com>
Subject: Re: [PATCH] mtd: spi-nor: sfdp: Fix out of bound array access

On 12/02/21 04:47PM, Mathieu Dubois-Briand wrote:
> Fix array index: explicitly use the array length to access the last
> element, instead of an incorrectly set iteration variable.
> 
> It seems this code was correct before following commit, were the
> iteration counter is reused, leading to a value that may be out of
> bound.
> Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate
> current map conf")
> 
> Signed-off-by: Mathieu Dubois-Briand <mbriand@...ekio.com>
> ---
>  drivers/mtd/spi-nor/sfdp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/spi-nor/sfdp.c b/drivers/mtd/spi-nor/sfdp.c
> index 6ee7719e5903..11cc5d19e286 100644
> --- a/drivers/mtd/spi-nor/sfdp.c
> +++ b/drivers/mtd/spi-nor/sfdp.c
> @@ -881,7 +881,7 @@ spi_nor_init_non_uniform_erase_map(struct spi_nor *nor,
>  		if (!(regions_erase_type & BIT(erase[i].idx)))
>  			spi_nor_set_erase_type(&erase[i], 0, 0xFF);
>  
> -	spi_nor_region_mark_end(&region[i - 1]);
> +	spi_nor_region_mark_end(&region[region_count - 1]);

I'm not too familiar with the non-uniform erase code but this looks good 
at first look. Small nitpick: move this line just after the above for 
loop that initializes this array.

>  
>  	return 0;
>  }
> -- 
> 2.25.1
> 
> 
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/

-- 
Regards,
Pratyush Yadav
Texas Instruments Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ