| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_B0B82F456DC094ECE982EF1ECCEC7AEA6D0A@qq.com>
Date: Tue, 8 Jul 2025 20:37:21 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+f1bb7e4ea47ea12b535c@...kaller.appspotmail.com
Cc: abbotti@....co.uk,
hsweeten@...ionengravers.com,
linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: [PATCH] comedi: aio_iiro_16: Prevent invlaid irq number
The irq number 0x2166 passed by the reproducer is too large and is not
within the supported range [2-7, 10-12, 14, or 15], which triggers the oob.
Fixes: ad7a370c8be4 ("staging: comedi: aio_iiro_16: add command support for change of state detection")
Reported-by: syzbot+f1bb7e4ea47ea12b535c@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f1bb7e4ea47ea12b535c
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
drivers/comedi/drivers/aio_iiro_16.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/comedi/drivers/aio_iiro_16.c b/drivers/comedi/drivers/aio_iiro_16.c
index b00fab0b89d4..e43730f00c8b 100644
--- a/drivers/comedi/drivers/aio_iiro_16.c
+++ b/drivers/comedi/drivers/aio_iiro_16.c
@@ -177,7 +177,8 @@ static int aio_iiro_16_attach(struct comedi_device *dev,
* Digital input change of state interrupts are optionally supported
* using IRQ 2-7, 10-12, 14, or 15.
*/
- if ((1 << it->options[1]) & 0xdcfc) {
+ if (it->options[1] > 1 && it->options[1] < 16 &&
+ (1 << it->options[1]) & 0xdcfc) {
ret = request_irq(it->options[1], aio_iiro_16_cos, 0,
dev->board_name, dev);
if (ret == 0)
--
2.43.0
Powered by blists - more mailing lists