Re: [PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers

Next message: Leonardo Bras: "[PATCH v1 12/12] KVM: arm64: Enable KVM_HW_DIRTY_BIT"
Previous message: Vladimir Oltean: "[PATCH v7 phy-next 26/27] phy: remove temporary provider compatibility from consumer header"
In reply to: Zhuo, Qiuxu: "RE: [PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Datta, Shubhrajyoti

Date: Thu Apr 30 2026 - 07:27:16 EST

On 4/25/2026 12:19 AM, Shengzhuo Wei wrote:

[You don't often get email from me@xxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding.

Two EDAC debugfs write handlers copy up to sizeof(buf) bytes into a
fixed-size stack buffer and then unconditionally NUL-terminate it via
buf[len] = '\0'. When userspace writes >= sizeof(buf) bytes, len
becomes sizeof(buf) and the NUL write lands 1 byte past the end of the
stack buffer.

Fix by clamping the copy length to sizeof(buf) - 1 so that the NUL
terminator is always in-bounds.

Fixes: 3bd2706c910f ("EDAC/zynqmp: Add EDAC support for Xilinx ZynqMP OCM")
Fixes: 83bf24051a60 ("EDAC/versal: Make the bit position of injected errors configurable")
Signed-off-by: Shengzhuo Wei <me@xxxxxxxx>
---

Reviewed-by: Shubhrajyoti Datta <shubhrajyoti.datta@xxxxxxx>