Message-ID: <026bdf502c0af8260c67a7a851562633a6976031.camel@linaro.org>
Date: Wed, 17 Jan 2024 15:38:55 +0000
From: André Draszik <andre.draszik@...aro.org>
To: Tudor Ambarus <tudor.ambarus@...aro.org>, Sam Protsenko
	 <semen.protsenko@...aro.org>
Cc: krzysztof.kozlowski@...aro.org, alim.akhtar@...sung.com, 
	gregkh@...uxfoundation.org, jirislaby@...nel.org, 
	linux-arm-kernel@...ts.infradead.org, linux-samsung-soc@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org, 
	peter.griffin@...aro.org, kernel-team@...roid.com, willmcvicker@...gle.com
Subject: Re: [PATCH 10/18] tty: serial: samsung: make max_count unsigned int

Hi,

On Wed, 2024-01-17 at 15:21 +0000, Tudor Ambarus wrote:
> 
> 
> On 1/16/24 18:21, Sam Protsenko wrote:
> > On Wed, Jan 10, 2024 at 4:23 AM Tudor Ambarus <tudor.ambarus@...aro.org> wrote:
> > > 
> > > ``max_count`` negative values are not used. Since ``port->fifosize``
> > > is an unsigned int, make ``max_count`` the same.
> > > 
> > > Signed-off-by: Tudor Ambarus <tudor.ambarus@...aro.org>
> > > ---
> > >  drivers/tty/serial/samsung_tty.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c
> > > index 90c49197efc7..dbbe6b8e3ceb 100644
> > > --- a/drivers/tty/serial/samsung_tty.c
> > > +++ b/drivers/tty/serial/samsung_tty.c
> > > @@ -760,8 +760,8 @@ static irqreturn_t s3c24xx_serial_rx_chars_dma(void *dev_id)
> > >  static void s3c24xx_serial_rx_drain_fifo(struct s3c24xx_uart_port *ourport)
> > >  {
> > >         struct uart_port *port = &ourport->port;
> > > +       unsigned int max_count = port->fifosize;
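Review bot: at the `unsigned int max_count = port->fifosize;` declaration, the unsigned counter combined with the post-decrement loop quoted in this thread, `while (max_count-- > 0)`, leaves max_count at UINT_MAX whenever the loop runs until its test fails, including when port->fifosize is 0. Unsigned wraparound is well defined in C and the loop body still runs exactly fifosize times, so the point is what happens afterwards: please confirm nothing reads max_count after the loop, or decrement inside the loop body so the counter ends at 0, and mention the post-loop value in the commit message.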
> > 
> > What if port->fifosize is 0? Then this code below:
> > 
> >     while (max_count-- > 0) {
> > 
> > would cause int overflow, if max_count is unsigned?
> > 
> 
> good catch, Sam!

Does it matter, though? As this is a post-decrement, the test is done first, and the
decrement after. Therefore, it'll still bail out as expected.

> I'm thinking of amending this and adding at the beginning of the method:
> 
> if (!max_count)
> 	return tty_flip_buffer_push(&port->state->port);

This will not help with overflow. It'll still have wrapped around after completing the
while() (always, no matter what start-value max_count had).

Cheers,
Andre'
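
The loop behaviour discussed in this thread can be checked in isolation. The following is an added example, not code from the patch or from the driver: the function names and the sample FIFO sizes are hypothetical, and only the loop condition `while (max_count-- > 0)` is taken from the thread.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for the drain loop: same condition as the one
 * quoted in the thread, with an unsigned counter. Returns the value left
 * in max_count after the loop; *iterations counts loop bodies executed. */
unsigned int drain_post_decrement(unsigned int fifosize, unsigned int *iterations)
{
    unsigned int max_count = fifosize;

    *iterations = 0;
    while (max_count-- > 0)     /* test first, then decrement */
        (*iterations)++;
    return max_count;           /* wrapped: the final failed test still decrements */
}

/* Variant with the decrement moved into the body: the counter ends at 0. */
unsigned int drain_decrement_in_body(unsigned int fifosize, unsigned int *iterations)
{
    unsigned int max_count = fifosize;

    *iterations = 0;
    while (max_count > 0) {
        max_count--;
        (*iterations)++;
    }
    return max_count;
}

int main(void)
{
    /* Constructed sample FIFO sizes, including the 0 case raised in review. */
    unsigned int sizes[] = { 0, 1, 64 };
    unsigned int it_a, it_b;

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        unsigned int end_a = drain_post_decrement(sizes[i], &it_a);
        unsigned int end_b = drain_decrement_in_body(sizes[i], &it_b);

        printf("fifosize=%u: post-decrement ran %u times, ends at %u; "
               "in-body ran %u times, ends at %u\n",
               sizes[i], it_a, end_a, it_b, end_b);
    }
    return 0;
}
```

Both forms run the body exactly `fifosize` times; they differ only in the value the counter holds once the loop has finished.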

