Re: [PATCH v2] USB: serial: kl5kusb105: fix bulk-out buffer overflow

Next message: Bartosz Golaszewski: "Re: [PATCH net-next v2 12/14] gpio: tc956x: add TC956x/QPS615 support"
Previous message: Andreas Hindborg: "Re: [PATCH v2 2/2] rust: add a wrapper for the `nr_online_nodes` C function"
In reply to: HyeongJun An: "[PATCH v2] USB: serial: kl5kusb105: fix bulk-out buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johan Hovold

Date: Mon Jun 08 2026 - 07:54:34 EST

On Mon, Jun 08, 2026 at 06:09:26PM +0900, HyeongJun An wrote:
> klsi_105_prepare_write_buffer() is called by the generic write path
> with the bulk-out buffer and its size (bulk_out_size, 64 bytes). It
> stores a two-byte length header at the start of the buffer and copies
> the payload from the write fifo starting at buf + KLSI_HDR_LEN, but
> passes the full buffer size as the number of bytes to copy:
>
> count = kfifo_out_locked(&port->write_fifo, buf + KLSI_HDR_LEN,
> size, &port->lock);
>
> When the fifo holds at least size bytes, size bytes are copied starting
> two bytes into the size-byte buffer, writing KLSI_HDR_LEN bytes past its
> end. Copy at most size - KLSI_HDR_LEN bytes instead, leaving room for
> the header as safe_serial already does.

> Fixes: 60b3013cdaf3 ("USB: kl5usb105: reimplement using generic framework")
> Cc: stable@xxxxxxxxxxxxxxx
> Assisted-by: Claude:claude-opus-4-8
> Signed-off-by: HyeongJun An <sammiee5311@xxxxxxxxx>
> ---
> v2:
> - Add Assisted-by tag as requested by Johan.

Now applied, thanks.

Johan