linuxppc-dev.lists.ozlabs.org archive mirror
From: Timur Tabi <timur@kernel.org>
To: Stephen Rothwell <sfr@canb.auug.org.au>,
	york sun <york.sun@nxp.com>,
	b08248@gmail.com, swood@redhat.com
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	PowerPC Mailing List <linuxppc-dev@lists.ozlabs.org>,
	Jiri Slaby <jslaby@suse.com>
Subject: Re: [PATCH] evh_bytechan: fix out of bounds accesses
Date: Mon, 13 Jan 2020 10:03:18 -0600
Message-ID: <CAOZdJXXiKgz=hOoiaTrxgbnwzyvp1Zfn3aCz+0__i17vyFngRg@mail.gmail.com>
In-Reply-To: <20200109183912.5fcb52aa@canb.auug.org.au>

On Thu, Jan 9, 2020 at 1:41 AM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> ev_byte_channel_send() assumes that its third argument is a 16 byte array.
> Some places where it is called it may not be (or we can't easily tell
> if it is).  Newer compilers have started producing warnings about this,
> so make sure we actually pass a 16 byte array.

...

> +static unsigned int local_ev_byte_channel_send(unsigned int handle,
> +        unsigned int *count, const char *p)
> +{
> +       char buffer[EV_BYTE_CHANNEL_MAX_BYTES];
> +       unsigned int c = *count;
> +
> +       if (c < sizeof(buffer)) {
> +               memcpy(buffer, p, c);
> +               memset(&buffer[c], 0, sizeof(buffer) - c);
> +               p = buffer;
> +       }
> +       return ev_byte_channel_send(handle, count, p);
> +}
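
Review bot: in the pass-through path, when `c >= sizeof(buffer)`, `p` is handed to ev_byte_channel_send() unchanged, so the wrapper still relies on the caller's buffer being at least EV_BYTE_CHANNEL_MAX_BYTES long and neither clamps nor rejects a `*count` larger than that. A short comment above local_ev_byte_channel_send() saying that the callee treats its third argument as a 16 byte array, and that this is why shorter input is copied and zero-padded, would make the intent clear; consider also documenting or checking the upper bound on `*count`.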

Why not simply correct the parameters of ev_byte_channel_send?

static inline unsigned int ev_byte_channel_send(unsigned int handle,
-unsigned int *count, const char buffer[EV_BYTE_CHANNEL_MAX_BYTES])
+unsigned int *count, const char *buffer)
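
Review bot: changing only the prototype to `const char *buffer` removes the declared array size but not the assumption behind it. If the body of ev_byte_channel_send() still reads EV_BYTE_CHANNEL_MAX_BYTES bytes from `buffer` regardless of `*count`, callers with shorter buffers are still read past the end, only without the compiler warning; the body would need to limit its reads to `*count` bytes (or copy into a local 16 byte array) as part of the same change.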

Back then, I probably thought I was just being clever with this code,
but I realize now that it doesn't make sense to do it the way I did.
