| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Feb 2021 10:55:52 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Colin King <colin.king@...onical.com>
Cc: Roger Quadros <rogerq@...nel.org>,
Tony Lindgren <tony@...mide.com>,
Krzysztof Kozlowski <krzk@...nel.org>,
linux-omap@...r.kernel.org, kernel-janitors@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] memory: gpmc: fix out of bounds read and dereference on
gpmc_cs[]
On Tue, Feb 23, 2021 at 07:38:21PM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
>
> Currently the array gpmc_cs is indexed by cs before it cs is range checked
> and the pointer read from this out-of-index read is dereferenced. Fix this
> by performing the range check on cs before the read and the following
> pointer dereference.
>
> Addresses-Coverity: ("Negative array index read")
> Fixes: 186401937927 ("memory: gpmc: Move omap gpmc code to live under drivers")
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
> drivers/memory/omap-gpmc.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/memory/omap-gpmc.c b/drivers/memory/omap-gpmc.c
> index cfa730cfd145..f80c2ea39ca4 100644
> --- a/drivers/memory/omap-gpmc.c
> +++ b/drivers/memory/omap-gpmc.c
> @@ -1009,8 +1009,8 @@ EXPORT_SYMBOL(gpmc_cs_request);
>
> void gpmc_cs_free(int cs)
> {
> - struct gpmc_cs_data *gpmc = &gpmc_cs[cs];
> - struct resource *res = &gpmc->mem;
There is no actual dereferencing going on here, it just taking the
addresses. But the patch is also harmless and improves readability.
regards,
dan carpenter
Powered by blists - more mailing lists