Re: [PATCH v2] serial: max310x: Fix out of bounds access

From: Alexander Shiyan
Date: Wed Aug 12 2015 - 06:35:28 EST

Next message: Mark Brown: "Re: [PATCH 00/20] Regmap max_raw_io and bmc150 SPI support"
Previous message: Daniel Kurtz: "Re: [PATCH 07/20] regmap: Without bus read() or write(), force use_single_rw"
In reply to: Su Kang Yin: "[PATCH v2] serial: max310x: Fix out of bounds access"
Next in thread: Kang Yin Su: "Re: [PATCH v2] serial: max310x: Fix out of bounds access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ÐÑÐÐÐ, 12 ÐÐÐÑÑÑÐ 2015, 15:36 +08:00 ÐÑ cantona <cantona@xxxxxxxxxxx>:
>
>
> added Alexander Shiyan < shc_work@xxxxxxx >.
>
> On 12 August 2015 at 15:22, Su Kang Yin < cantona@xxxxxxxxxxx > wrote:
> >Max310x driver supports up to 4 UART devices but array size of
> >"struct max310x_one" is set to 1. That leads to out of bounds
> >access on UART port registration.
> >
> >This patch fixed it by increase the array size to 4 which is
> >maximum supported UART.
> >
> >Signed-off-by: Su Kang Yin < cantona@xxxxxxxxxxx >
> >---
...

This seems incorrect. The number of ports is allocated dynamically by:
...
/* Alloc port structure */
s = devm_kzalloc(dev, sizeof(*s) + sizeof(struct max310x_one) * devtype->nr, GFP_KERNEL);
...

Thanks.

---

Next message: Mark Brown: "Re: [PATCH 00/20] Regmap max_raw_io and bmc150 SPI support"
Previous message: Daniel Kurtz: "Re: [PATCH 07/20] regmap: Without bus read() or write(), force use_single_rw"
In reply to: Su Kang Yin: "[PATCH v2] serial: max310x: Fix out of bounds access"
Next in thread: Kang Yin Su: "Re: [PATCH v2] serial: max310x: Fix out of bounds access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]