From: Armin Wolf <W_Armin@gmx.de>
To: rafael@kernel.org, lenb@kernel.org
Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/2] ACPI: battery: Fix various string handling issues
Date: Thu, 19 Jan 2023 15:21:13 +0100 [thread overview]
Message-ID: <20230119142115.38260-1-W_Armin@gmx.de> (raw)
On my Dell Inspiron 3505, the battery model name was displayed
differently than when running Windows. While i first suspected an
ACPI issue, it turned out that the real reason was the ACPI battery
driver failing to handle strings larger than 32 bytes.
This caused the model name of the battery (35 bytes long, hex string)
to miss proper NUL-termination, resulting in a buffer overread later.
Luckily, a valid string was stored right after the now invalid string,
appending only the battery serial number to the original model name.
The first patch fixes a potential buffer overread then handling buffers,
while the second patch finally increases the maximum string length to
avoid truncating such larger strings.
The patch series was tested on a Dell Inspiron 3505 and appears
to work properly.
---
Changes in v2:
- Drop first patch since it was already applied
- combine the second and third patch
- do not replace 0 with '\0'
- spell ACPI in capitals
- rework the buffer length hdanling
Armin Wolf (2):
ACPI: battery: Fix buffer overread if not NUL-terminated
ACPI: battery: Increase maximum string length
drivers/acpi/battery.c | 35 +++++++++++++++++++++++------------
1 file changed, 23 insertions(+), 12 deletions(-)
--
2.30.2
next reply other threads:[~2023-01-19 14:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-19 14:21 Armin Wolf [this message]
2023-01-19 14:21 ` [PATCH v2 1/2] ACPI: battery: Fix buffer overread if not NUL-terminated Armin Wolf
2023-01-19 14:21 ` [PATCH v2 2/2] ACPI: battery: Increase maximum string length Armin Wolf
2023-01-30 9:14 ` [PATCH v2 0/2] ACPI: battery: Fix various string handling issues Armin Wolf
2023-01-30 12:29 ` Rafael J. Wysocki
2023-01-30 15:45 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230119142115.38260-1-W_Armin@gmx.de \
--to=w_armin@gmx.de \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.