lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <175259292421.543905.3175578919645729434.b4-ty@kernel.org>
Date: Tue, 15 Jul 2025 20:52:04 +0530
From: Vinod Koul <vkoul@...nel.org>
To: Guennadi Liakhovetski <g.liakhovetski@....de>, 
 Dan Carpenter <dan.carpenter@...aro.org>
Cc: dmaengine@...r.kernel.org, linux-kernel@...r.kernel.org, 
 kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] dmaengine: nbpfaxi: Fix memory corruption in probe()


On Tue, 01 Jul 2025 17:31:40 -0500, Dan Carpenter wrote:
> The nbpf->chan[] array is allocated earlier in the nbpf_probe() function
> and it has "num_channels" elements.  These three loops iterate one
> element farther than they should and corrupt memory.
> 
> The changes to the second loop are more involved.  In this case, we're
> copying data from the irqbuf[] array into the nbpf->chan[] array.  If
> the data in irqbuf[i] is the error IRQ then we skip it, so the iterators
> are not in sync.  I added a check to ensure that we don't go beyond the
> end of the irqbuf[] array.  I'm pretty sure this can't happen, but it
> seemed harmless to add a check.
> 
> [...]

Applied, thanks!

[1/1] dmaengine: nbpfaxi: Fix memory corruption in probe()
      commit: 188c6ba1dd925849c5d94885c8bbdeb0b3dcf510

Best regards,
-- 
~Vinod

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ