lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <b0a2d809-943b-d5fe-fbb4-32d23e501ae3@baylibre.com>
Date:   Wed, 21 Jun 2023 14:15:17 +0200
From:   Alexandre Mergnat <amergnat@...libre.com>
To:     "Jason-JH.Lin" <jason-jh.lin@...iatek.com>,
        Chun-Kuang Hu <chunkuang.hu@...nel.org>,
        AngeloGioacchino Del Regno 
        <angelogioacchino.delregno@...labora.com>
Cc:     Matthias Brugger <matthias.bgg@...il.com>,
        Jason-ch Chen <jason-ch.chen@...iatek.com>,
        Johnson Wang <johnson.wang@...iatek.com>,
        Singo Chang <singo.chang@...iatek.com>,
        Nancy Lin <nancy.lin@...iatek.com>,
        Shawn Sung <shawn.sung@...iatek.com>,
        dri-devel@...ts.freedesktop.org,
        linux-mediatek@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Project_Global_Chrome_Upstream_Group@...iatek.com
Subject: Re: [PATCH v3 2/4] drm/mediatek: Add cnt checking for coverity issue

On 21/06/2023 12:22, Jason-JH.Lin wrote:
> CERT-C Characters and Strings (CERT STR31-C)
> all_drm_priv[cnt] evaluates to an address that could be at negative
> offset of an array.
> 
> In mtk_drm_get_all_drm_priv():
> Guarantee that storage for strings has sufficient space for character
> data and the null terminator.
> 
> So change cnt to unsigned int and check its max value.

Reviewed-by: Alexandre Mergnat <amergnat@...libre.com>

-- 
Regards,
Alexandre

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ