| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Apr 2022 10:20:34 +0800
From: baihaowen <baihaowen@...zu.com>
To: Jonathan Cameron <jic23@...nel.org>
CC: Lars-Peter Clausen <lars@...afoo.de>, <linux-iio@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH V2] iio: gp2ap020a00f: Fix signedness bug
在 4/16/22 1:52 AM, Jonathan Cameron 写道:
> On Fri, 15 Apr 2022 09:20:37 +0800
> Haowen Bai <baihaowen@...zu.com> wrote:
>
>> function gp2ap020a00f_get_thresh_reg() is unsigned but returning -EINVAL
>> errcode, and thresh_reg_l is unsigned but receiving -EINVAL errcode. so
>> we have to change u8 -> int.
>>
>> Signed-off-by: Haowen Bai <baihaowen@...zu.com>
> Hi,
>
> The return value is not checked in *read_event_val(), so if we actually got
> -EINVAL (in reality we can't because the switch in *_get_thresh_reg*) always
> matches) then we'd use it to index an array (after performing some maths on
> the value). So please also add a check that the return value is not
> negative in read_event_val()
>
> Same is true or write_event_val.
>
>
> Note that the bug here is probably the fact we return -EINVAL in the
> first place. We could just stop doing that but it would be non obvious
> when looking at the code that we couldn't get a failure to match in
> the switch statement - so fixing as you have done (plus the extra
> check I'm requesting) is probably the neatest solution.
>
> Thanks,
>
> Jonathan
>
>
>> ---
>> V1->V2: s8 is not enough to hold an (arbitrary) error code. To be on the safe
>> side we need to use int
>>
>> drivers/iio/light/gp2ap020a00f.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/iio/light/gp2ap020a00f.c b/drivers/iio/light/gp2ap020a00f.c
>> index b820041159f7..b0e62d3c6fa0 100644
>> --- a/drivers/iio/light/gp2ap020a00f.c
>> +++ b/drivers/iio/light/gp2ap020a00f.c
>> @@ -994,7 +994,7 @@ static irqreturn_t gp2ap020a00f_trigger_handler(int irq, void *data)
>> return IRQ_HANDLED;
>> }
>>
>> -static u8 gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan,
>> +static int gp2ap020a00f_get_thresh_reg(const struct iio_chan_spec *chan,
>> enum iio_event_direction event_dir)
>> {
>> switch (chan->type) {
>> @@ -1025,7 +1025,7 @@ static int gp2ap020a00f_write_event_val(struct iio_dev *indio_dev,
>> struct gp2ap020a00f_data *data = iio_priv(indio_dev);
>> bool event_en = false;
>> u8 thresh_val_id;
>> - u8 thresh_reg_l;
>> + int thresh_reg_l;
>> int err = 0;
>>
>> mutex_lock(&data->lock);
>> @@ -1082,7 +1082,7 @@ static int gp2ap020a00f_read_event_val(struct iio_dev *indio_dev,
>> int *val, int *val2)
>> {
>> struct gp2ap020a00f_data *data = iio_priv(indio_dev);
>> - u8 thresh_reg_l;
>> + int thresh_reg_l;
>> int err = IIO_VAL_INT;
>>
>> mutex_lock(&data->lock);
hi Jonathan Cameron
Thank you for your suggestion. resended :).
--
Haowen Bai
Powered by blists - more mailing lists