| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240415131217.t3zfjucclauc3rkz@begin>
Date: Mon, 15 Apr 2024 15:12:17 +0200
From: Samuel Thibault <samuel.thibault@...-lyon.org>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: William Hubbs <w.d.hubbs@...il.com>,
Chris Brannon <chris@...-brannons.com>,
Kirk Reiser <kirk@...sers.ca>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Randy Dunlap <rdunlap@...radead.org>, speakup@...ux-speakup.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] speakup: Fix sizeof() vs ARRAY_SIZE() bug
Dan Carpenter, le lun. 15 avril 2024 14:02:23 +0300, a ecrit:
> The "buf" pointer is an array of u16 values. This code should be
> using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),
> otherwise it can the still got out of bounds.
>
> Fixes: c8d2f34ea96e ("speakup: Avoid crash on very long word")
> Cc: stable@...r.kernel.org
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
Reviewed-by: Samuel Thibault <samuel.thibault@...-lyon.org
Thanks!
> ---
> drivers/accessibility/speakup/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/accessibility/speakup/main.c b/drivers/accessibility/speakup/main.c
> index 736c2eb8c0f3..f677ad2177c2 100644
> --- a/drivers/accessibility/speakup/main.c
> +++ b/drivers/accessibility/speakup/main.c
> @@ -574,7 +574,7 @@ static u_long get_word(struct vc_data *vc)
> }
> attr_ch = get_char(vc, (u_short *)tmp_pos, &spk_attr);
> buf[cnt++] = attr_ch;
> - while (tmpx < vc->vc_cols - 1 && cnt < sizeof(buf) - 1) {
> + while (tmpx < vc->vc_cols - 1 && cnt < ARRAY_SIZE(buf) - 1) {
> tmp_pos += 2;
> tmpx++;
> ch = get_char(vc, (u_short *)tmp_pos, &temp);
> --
> 2.43.0
>
Powered by blists - more mailing lists