| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_5F7E6FB82C0D6CF49454E862ED32CFDC780A@qq.com>
Date: Thu, 19 Jun 2025 21:37:43 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+3bbbade4e1a7ab45ca3b@...kaller.appspotmail.com
Cc: jdelvare@...e.com,
linux-hwmon@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux@...ck-us.net,
mail@...iuszachmann.de,
syzkaller-bugs@...glegroups.com
Subject: [PATCH] hwmon: fill it with 0 when data size is insufficient
When the data size returned by the sensor is less than IN_BUFFER_SIZE,
it is padded with 0.
Reported-by: syzbot+3bbbade4e1a7ab45ca3b@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3bbbade4e1a7ab45ca3b
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
drivers/hwmon/corsair-cpro.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hwmon/corsair-cpro.c b/drivers/hwmon/corsair-cpro.c
index e1a7f7aa7f80..274864e8a8e7 100644
--- a/drivers/hwmon/corsair-cpro.c
+++ b/drivers/hwmon/corsair-cpro.c
@@ -157,6 +157,8 @@ static int ccp_raw_event(struct hid_device *hdev, struct hid_report *report, u8
spin_lock(&ccp->wait_input_report_lock);
if (!completion_done(&ccp->wait_input_report)) {
memcpy(ccp->buffer, data, min(IN_BUFFER_SIZE, size));
+ if (size < IN_BUFFER_SIZE)
+ memset(ccp->buffer + size, 0, IN_BUFFER_SIZE - size);
complete_all(&ccp->wait_input_report);
}
spin_unlock(&ccp->wait_input_report_lock);
--
2.43.0
Powered by blists - more mailing lists