linux-kernel.vger.kernel.org archive mirror
* serial: sh-sci: Is there a potential buffer underflow in sci_dma_rx_complete()?
@ 2021-08-12  8:10 Tuo Li
  0 siblings, 0 replies; only message in thread
From: Tuo Li @ 2021-08-12  8:10 UTC (permalink / raw)
  To: gregkh, jirislaby; +Cc: linux-serial, linux-kernel, baijiaju1990

Hello,

Our static analysis tool reports a possible buffer underflow in sh-sci.c in Linux 5.14.0-rc3:

The variable active is checked in:
1304:    if (active >= 0)

This indicates that it can be negative.
If so, a possible buffer underflow will occur:
1312:    desc = dmaengine_prep_slave_sg(s->chan_rx, &s->sg_rx[active], 1, ....);

However, I am not sure whether &s->sg_rx[active] will be used in
dmaengine_prep_slave_sg() if the function sci_dma_rx_find_active()
called at Line 1303 returns a negative value (-1).

Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>

Best wishes,
Tuo Li
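
The pattern the report asks about, as an added stand-alone C model (not the sh-sci driver's code and not part of the original message): a lookup returns -1 as a "not found" sentinel, and the caller rejects that value before `&sg_rx[active]` is formed. The struct layout, the two-slot size, the cookie-matching lookup and all function names are assumptions made for illustration.

```c
#include <stdio.h>

#define NBUF 2                          /* assumed number of RX slots */

struct slot { int cookie; };            /* stand-in for one scatterlist entry */

struct rx_state {
    int cookie_rx[NBUF];                /* cookie submitted for each slot */
    struct slot sg_rx[NBUF];
    int active_cookie;                  /* cookie of the completed transfer */
};

/* Index of the slot owning active_cookie, or -1 when nothing matches. */
static int find_active(const struct rx_state *s)
{
    for (int i = 0; i < NBUF; i++)
        if (s->cookie_rx[i] == s->active_cookie)
            return i;
    return -1;
}

/* 0 when the slot was re-armed, -1 when the sentinel was rejected. */
static int rx_complete(struct rx_state *s)
{
    int active = find_active(s);

    /* Reject the sentinel before &s->sg_rx[active] is ever formed. */
    if (active < 0 || active >= NBUF)
        return -1;
    s->sg_rx[active].cookie = s->active_cookie + NBUF; /* stand-in re-arm */
    s->cookie_rx[active] = s->sg_rx[active].cookie;
    return 0;
}

/* Constructed input: slots hold cookies 10 and 11; caller picks the completed one. */
static int demo(int completed_cookie)
{
    struct rx_state s = { {10, 11}, {{10}, {11}}, completed_cookie };
    return rx_complete(&s);
}

int main(void)
{
    printf("match=%d stale=%d\n", demo(11), demo(99));
    return 0;
}
```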
