Re: [PATCH] auxdisplay: line-display: fix OOB read on zero-length message_store()

Next message: Nam Cao: "Re: [PATCH v2 06/14] verification/rvgen: Fix options shared among commands"
Previous message: Tomas Glozar: "Re: [PATCH v2] tools/rtla: Fix --dump-tasks usage in timerlat"
In reply to: Andy Shevchenko: "Re: [PATCH] auxdisplay: line-display: fix OOB read on zero-length message_store()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stepan Ionichev

Date: Mon May 18 2026 - 04:51:42 EST

On Mon, May 18, 2026 at 11:15:00AM +0300, Andy Shevchenko wrote:
> Good points. Should I drop the patch and ask for a new commit message
> (and Fixes tag)?

The current line-display.c message_store() calls linedisp_display(linedisp,
buf, count) unconditionally, with no count == 0 short-circuit, so
write(fd, "", 0) still reaches msg[-1]. The afcb5a811ff3a fix Geert mentions
was on img-ascii-lcd's own message_store before the shared code was extracted;
when 7e76aece6f03 pulled linedisp_display into line-display.c, the empty-write
guard didn't come with it.

So both paths trigger the same dereference: zero-byte sysfs writes and
PANEL_BOOT_MESSAGE="" via linedisp_attach(). The underlying bug sits in
7e76aece6f03 either way, so I think the existing Fixes is right and no
respin is needed. Happy to send v2 with both commits mentioned in the log
if you'd prefer that.

Stepan