| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250917152246.GD28673@nxa18884-linux.ap.freescale.net>
Date: Wed, 17 Sep 2025 23:22:46 +0800
From: Peng Fan <peng.fan@....nxp.com>
To: Harini T <harini.t@....com>
Cc: jassisinghbrar@...il.com, michal.simek@....com,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
git@....com
Subject: Re: [PATCH 2/3] mailbox: zynqmp-ipi: Fix out-of-bounds access in
mailbox cleanup loop
On Fri, Aug 22, 2025 at 10:27:31AM +0530, Harini T wrote:
>Fix mailbox cleanup loop that accesses array out-of-bounds by starting
>at num_boxes instead of numb_boxes-1 for 0-indexed arrays.
>
Fix tag?
>Signed-off-by: Harini T <harini.t@....com>
>---
> drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c
>index bdcc6937ee30..3b806d1f89bb 100644
>--- a/drivers/mailbox/zynqmp-ipi-mailbox.c
>+++ b/drivers/mailbox/zynqmp-ipi-mailbox.c
>@@ -891,7 +891,7 @@ static void zynqmp_ipi_free_mboxes(struct zynqmp_ipi_pdata *pdata)
> xlnx_mbox_cleanup_sgi(pdata);
>
> i = pdata->num_mboxes;
>- for (; i >= 0; i--) {
>+ for (i--; i >= 0; i--) {
I would avoid i-- as the 1st param in for loop.
i = pdata->num_mboxes - 1;
or
for (i = 0; i < pdata->num_mboxes; i++)
Thanks,
Peng
> ipi_mbox = &pdata->ipi_mboxes[i];
> if (device_is_registered(&ipi_mbox->dev))
> device_unregister(&ipi_mbox->dev);
>--
>2.43.0
>
Powered by blists - more mailing lists