| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241112202825.17322-1-surajsonawane0215@gmail.com>
Date: Wed, 13 Nov 2024 01:58:25 +0530
From: Suraj Sonawane <surajsonawane0215@...il.com>
To: Helge Deller <deller@....de>
Cc: linux-fbdev@...r.kernel.org,
dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org,
Suraj Sonawane <surajsonawane0215@...il.com>
Subject: [PATCH] video: fbdev: metronomefb: Fix buffer overflow in load_waveform()
Fix an error detected by the Smatch tool:
drivers/video/fbdev/metronomefb.c:220 load_waveform() error:
buffer overflow 'wfm_hdr->stuff2a' 2 <= 4
drivers/video/fbdev/metronomefb.c:220 load_waveform() error:
buffer overflow 'wfm_hdr->stuff2a' 2 <= 4
The access to wfm_hdr->stuff2a in the loop can lead to a buffer
overflow if stuff2a is not large enough. To fix this, a check was
added to ensure that stuff2a has sufficient space before accessing
it. This prevents the overflow and improves the safety of the code.
Signed-off-by: Suraj Sonawane <surajsonawane0215@...il.com>
---
drivers/video/fbdev/metronomefb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/video/fbdev/metronomefb.c b/drivers/video/fbdev/metronomefb.c
index 6f0942c6e..9da55cef2 100644
--- a/drivers/video/fbdev/metronomefb.c
+++ b/drivers/video/fbdev/metronomefb.c
@@ -210,6 +210,12 @@ static int load_waveform(u8 *mem, size_t size, int m, int t,
}
wfm_hdr->mc += 1;
wfm_hdr->trc += 1;
+
+ if (sizeof(wfm_hdr->stuff2a) < 5) {
+ dev_err(dev, "Error: insufficient space in stuff2a\n");
+ return -EINVAL;
+ }
+
for (i = 0; i < 5; i++) {
if (*(wfm_hdr->stuff2a + i) != 0) {
dev_err(dev, "Error: unexpected value in padding\n");
--
2.34.1
Powered by blists - more mailing lists