lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20240225121415.273ec110@jic23-huawei>
Date: Sun, 25 Feb 2024 12:14:15 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Lars-Peter Clausen
 <lars@...afoo.de>, Uwe Kleine-König
 <u.kleine-koenig@...gutronix.de>, Nuno Sá
 <nuno.sa@...log.com>, linux-iio@...r.kernel.org, Nathan Chancellor
 <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill
 Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>,
 llvm@...ts.linux.dev, Tomislav Denis <tomislav.denis@....com>,
 linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] iio: pressure: dlhl60d: Initialize empty DLH bytes

On Fri, 23 Feb 2024 09:50:10 -0800
Kees Cook <keescook@...omium.org> wrote:

> On Fri, Feb 23, 2024 at 07:47:36PM +0200, Andy Shevchenko wrote:
> > On Fri, Feb 23, 2024 at 09:29:39AM -0800, Kees Cook wrote:  
> > > 3 bytes were being read but 4 were being written. Explicitly initialize
> > > the unused bytes to 0 and refactor the loop to use direct array
> > > indexing, which appears to silence a Clang false positive warning[1].  
> > 
> > ...
> >   
> > >  	for_each_set_bit(chn, indio_dev->active_scan_mask,
> > > -		indio_dev->masklength) {
> > > -		memcpy(tmp_buf + i,
> > > +			 indio_dev->masklength) {
> > > +		memcpy(&tmp_buf[i++],
> > >  			&st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES,
> > >  			DLH_NUM_DATA_BYTES);
> > > -		i++;
> > >  	}  
> > 
> > Not that I'm against the changes, but they (in accordance with the commit
> > message) are irrelevant to this fix. I prefer fixes to be more focused on
> > the real issues.  
> 
> Jonathan, let me know if you'd prefer I split this patch...
> 
Andy is strictly speaking correct that the indent should be separate patch
but meh - not worth the time to split that out + the change makes the
fixed code itself easier to read. 

I added a tiny comment to say it the indent tidying up was incorporated
so the fixed code was more readable.

Applied to the fixes-togreg branch of iio.git and marked for stable.

Given timing this may well go in during the merge window rather than
before.

Jonathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ