lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZdjaOLVd1yxNXhsp@smile.fi.intel.com>
Date: Fri, 23 Feb 2024 19:47:36 +0200
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Kees Cook <keescook@...omium.org>
Cc: Jonathan Cameron <jic23@...nel.org>,
	Lars-Peter Clausen <lars@...afoo.de>,
	Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
	Nuno Sá <nuno.sa@...log.com>,
	linux-iio@...r.kernel.org, Nathan Chancellor <nathan@...nel.org>,
	Nick Desaulniers <ndesaulniers@...gle.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>, llvm@...ts.linux.dev,
	Tomislav Denis <tomislav.denis@....com>,
	linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] iio: pressure: dlhl60d: Initialize empty DLH bytes

On Fri, Feb 23, 2024 at 09:29:39AM -0800, Kees Cook wrote:
> 3 bytes were being read but 4 were being written. Explicitly initialize
> the unused bytes to 0 and refactor the loop to use direct array
> indexing, which appears to silence a Clang false positive warning[1].

..

>  	for_each_set_bit(chn, indio_dev->active_scan_mask,
> -		indio_dev->masklength) {
> -		memcpy(tmp_buf + i,
> +			 indio_dev->masklength) {
> +		memcpy(&tmp_buf[i++],
>  			&st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES,
>  			DLH_NUM_DATA_BYTES);
> -		i++;
>  	}

Not that I'm against the changes, but they (in accordance with the commit
message) are irrelevant to this fix. I prefer fixes to be more focused on
the real issues.

-- 
With Best Regards,
Andy Shevchenko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ