| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Feb 2023 10:42:22 +0200
From: Tudor Ambarus <tudor.ambarus@...aro.org>
To: pratyush@...nel.org, michael@...le.cc, lrannou@...libre.com,
Alexander.Stein@...group.com,
Tudor Ambarus <tudor.ambarus@...aro.org>
Cc: linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH v3] mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
On Fri, 03 Feb 2023 09:07:54 +0200, Tudor Ambarus wrote:
> spi_nor_set_erase_type() was used either to set or to mask out an erase
> type. When we used it to mask out an erase type a shift-out-of-bounds
> was hit:
> UBSAN: shift-out-of-bounds in drivers/mtd/spi-nor/core.c:2237:24
> shift exponent 4294967295 is too large for 32-bit type 'int'
>
> The setting of the size_{shift, mask} and of the opcode are unnecessary
> when the erase size is zero, as throughout the code just the erase size
> is considered to determine whether an erase type is supported or not.
> Setting the opcode to 0xFF was wrong too as nobody guarantees that 0xFF
> is an unused opcode. Thus when masking out an erase type, just set the
> erase size to zero. This will fix the shift-out-of-bounds.
>
> [...]
Applied to spi-nor/next, thanks!
[1/1] mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
https://git.kernel.org/mtd/c/f0f0cfdc3a02
Best regards,
--
Tudor Ambarus <tudor.ambarus@...aro.org>
Powered by blists - more mailing lists