Re: [PATCH] mfd: tps6507x - fix off-by-one value range checking
From: Samuel Ortiz
Date: Tue Oct 19 2010 - 06:19:33 EST
Hi Axel,
On Wed, Oct 13, 2010 at 10:44:39AM +0800, Axel Lin wrote:
> We use msg[0] for device register.
> If bytes == (TPS6507X_MAX_REGISTER + 1),
> we got a buffer overflow when doing memcpy(&msg[1], src, bytes);
> Thus we must ensure bytes not greater than TPS6507X_MAX_REGISTER.
Thanks, patch applied to my for-next tree.
Cheers,
Samuel.
--
Intel Open Source Technology Centre
http://oss.intel.com/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/