Re: [PATCH 1/2] iio: fix possible buffer overflow

From: Alexandre Belloni
Date: Sat May 03 2014 - 12:12:21 EST


On 03/05/2014 at 11:11:50 +0100, Jonathan Cameron wrote :
> On 02/05/14 23:40, Alexandre Belloni wrote:
> >Found using smatch:
> >drivers/iio/industrialio-core.c:719 iio_device_add_info_mask_type() error:
> >buffer overflow 'iio_chan_info_postfix' 17 <= 63
> >
> >It was probably never hit because the info_mask_* members are filled by using
> >the BIT() macro with values from the iio_chan_info_enum enum that also serve as
> >the index of the iio_chan_info_postfix array.
> >
> >Signed-off-by: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxxxxxxxxx>
> See
> ef4b4856593fc3d9d169bededdaf7acf62f83a52
> iio:core: Fix bug in length of event info_mask and catch unhandled bits set in masks.
>
> Which fixes the same issue in a slightly different way.
>
> Pretty recent patch though and this was there for ages before that.
> Better to have two fixes than none.
>

Yeah, I missed your patch and it didn't hit Linus' tree yet. Sorry about
the noise, next time I'll try to remember to check your tree.

--
Alexandre Belloni, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/