| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <03c69172-b85f-d9c2-6fd4-33f3ad149142@wanadoo.fr>
Date: Thu, 20 Jul 2023 20:27:28 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Miquel Raynal <miquel.raynal@...tlin.com>,
Richard Weinberger <richard@....at>,
Vignesh Raghavendra <vigneshr@...com>,
Boris Brezillon <boris.brezillon@...labora.com>,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
linux-mtd@...ts.infradead.org, Julia Lawall <Julia.Lawall@...6.fr>
Subject: Re: [PATCH] mtd: rawnand: fsl_upm: Fix an off-by one test in
fun_exec_op()
Le 20/07/2023 à 09:04, Dan Carpenter a écrit :
> On Wed, Jul 19, 2023 at 11:55:01PM +0200, Christophe JAILLET wrote:
>> 'op-cs' is copied in 'fun->mchip_number' which is used to access the
>> 'mchip_offsets' and the 'rnb_gpio' arrays.
>> These arrays have NAND_MAX_CHIPS elements, so the index must be below this
>> limit.
>>
>> Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This
>> would lead to out-of-bound accesses.
>>
>> Fixes: 54309d657767 ("mtd: rawnand: fsl_upm: Implement exec_op()")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
>
> Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>
>
> Good eye. I'm assuming you did something like this:
>
> #!/bin/bash
>
> FILE=$1
> WORDS=$(cat $FILE | perl -ne 'if ($_ =~ /\[([\w_]+)\];/) { print "$1\n" }' | sort -u)
> for i in $WORDS ; do
> grep -Hn " > $i" $FILE
> done
>
> regards,
> dan carpenter
>
I did with the help of a coccinelle script.
(which can certainly be improved, so adding Julia in cc: :) )
This gives decent results. I only post patches for what I confirm as an
issue. So it is likely that some good candidates will be left as-is.
So if anyone wants to give it a try, you are welcomed :)
CJ
cocci:
=====
@rule1@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
if (e < C)
S
@ok1 depends on rule1@
identifier C = rule1.C;
expression e;
statement S;
@@
* if (e <= C)
S
@rule2@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
if (e <= C)
S
@ok2 depends on rule2@
identifier C = rule2.C;
expression e;
statement S;
@@
* if (e < C)
S
@rule3@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
if (e > C)
S
@ok3 depends on rule3@
identifier C = rule3.C;
expression e;
statement S;
@@
* if (e >= C)
S
@rule4@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
if (e >= C)
S
@ok4 depends on rule4@
identifier C = rule4.C;
expression e;
statement S;
@@
* if (e > C)
S
CJ
Powered by blists - more mailing lists