Re: [PATCH] char: pcmcia: fix possible array index out of bounds in set_protocol()

From: Greg KH
Date: Fri May 21 2021 - 06:59:11 EST

Next message: Catalin Marinas: "Re: [PATCH v6 05/21] arm64: Advertise CPUs capable of running 32-bit applications in sysfs"
Previous message: Aviral Gupta: "[PATCH] This commit fixes the error generated due to the wrong indentation which does not follow the codding style norms set by Linux-kernel and space- bar is used in place of tab to give space which causes a visual error for some compilers"
In reply to: Yu Kuai: "[PATCH] char: pcmcia: fix possible array index out of bounds in set_protocol()"
Next in thread: yukuai (C): "Re: [PATCH] char: pcmcia: fix possible array index out of bounds in set_protocol()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 21, 2021 at 06:07:05PM +0800, Yu Kuai wrote:
> The length of array 'pts_reply' is 4, and the loop in set_protocol()
> will access array element from 0 to num_bytes_read - 1. Thus if
> io_read_num_rec_bytes() gets 'num_bytes_read' more than 4, it will
> cause index out of bounds errors.

And how can num_bytes_read be greater than 4?

Ah, it is tested, but you might want to error out if that happens, as
obviously something went wrong.

Do you have this hardware to test these changes?

thanks,

greg k-h

Next message: Catalin Marinas: "Re: [PATCH v6 05/21] arm64: Advertise CPUs capable of running 32-bit applications in sysfs"
Previous message: Aviral Gupta: "[PATCH] This commit fixes the error generated due to the wrong indentation which does not follow the codding style norms set by Linux-kernel and space- bar is used in place of tab to give space which causes a visual error for some compilers"
In reply to: Yu Kuai: "[PATCH] char: pcmcia: fix possible array index out of bounds in set_protocol()"
Next in thread: yukuai (C): "Re: [PATCH] char: pcmcia: fix possible array index out of bounds in set_protocol()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]