lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <03c69172-b85f-d9c2-6fd4-33f3ad149142@wanadoo.fr>
Date:   Thu, 20 Jul 2023 20:27:28 +0200
From:   Christophe JAILLET <christophe.jaillet@...adoo.fr>
To:     Dan Carpenter <dan.carpenter@...aro.org>
Cc:     Miquel Raynal <miquel.raynal@...tlin.com>,
        Richard Weinberger <richard@....at>,
        Vignesh Raghavendra <vigneshr@...com>,
        Boris Brezillon <boris.brezillon@...labora.com>,
        linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        linux-mtd@...ts.infradead.org, Julia Lawall <Julia.Lawall@...6.fr>
Subject: Re: [PATCH] mtd: rawnand: fsl_upm: Fix an off-by one test in
 fun_exec_op()

Le 20/07/2023 à 09:04, Dan Carpenter a écrit :
> On Wed, Jul 19, 2023 at 11:55:01PM +0200, Christophe JAILLET wrote:
>> 'op-cs' is copied in 'fun->mchip_number' which is used to access the
>> 'mchip_offsets' and the 'rnb_gpio' arrays.
>> These arrays have NAND_MAX_CHIPS elements, so the index must be below this
>> limit.
>>
>> Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This
>> would lead to out-of-bound accesses.
>>
>> Fixes: 54309d657767 ("mtd: rawnand: fsl_upm: Implement exec_op()")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
> 
> Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>
> 
> Good eye.  I'm assuming you did something like this:
> 
> #!/bin/bash
> 
> FILE=$1
> WORDS=$(cat $FILE | perl -ne 'if ($_ =~ /\[([\w_]+)\];/) { print "$1\n" }' | sort -u)
> for i in $WORDS ; do
>      grep -Hn " > $i" $FILE
> done
> 
> regards,
> dan carpenter
> 

I did with the help of a coccinelle script.
(which can certainly be improved, so adding Julia in cc: :) )

This gives decent results. I only post patches for what I confirm as an 
issue. So it is likely that some good candidates will be left as-is.

So if anyone wants to give it a try, you are welcomed :)

CJ


cocci:
=====
@rule1@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
	if (e < C)
		S

@ok1 depends on rule1@
identifier C = rule1.C;
expression e;
statement S;
@@
*	if (e <= C)
		S



@rule2@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
	if (e <= C)
		S

@ok2 depends on rule2@
identifier C = rule2.C;
expression e;
statement S;
@@
*	if (e < C)
		S



@rule3@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
	if (e > C)
		S

@ok3 depends on rule3@
identifier C = rule3.C;
expression e;
statement S;
@@
*	if (e >= C)
		S



@rule4@
identifier C =~ "[A-Z]+";
expression e;
statement S;
@@
	if (e >= C)
		S

@ok4 depends on rule4@
identifier C = rule4.C;
expression e;
statement S;
@@
*	if (e > C)
		S


CJ

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ