Re: [PATCH] floppy: Avoid memory access beyond the array bounds in setup_rw_floppy()

From: Jens Axboe
Date: Fri Oct 26 2018 - 10:41:30 EST


On 10/26/18 8:39 AM, Kyungtae Kim wrote:

> diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
> index a8cfa01..41160a1 100644
> --- a/drivers/block/floppy.c
> +++ b/drivers/block/floppy.c
> @@ -3146,6 +3146,9 @@ static int raw_cmd_copyin(int cmd, void __user *param,
> */
> return -EINVAL;
>
> + if (ptr->cmd_count > ARRAY_SIZE(ptr->cmd))
> + return -EINVAL;
> +
> for (i = 0; i < 16; i++)
> ptr->reply[i] = 0;
> ptr->resultcode = 0;

Almost there, the tabs have been turned into spaces. This could be
a mailer issue, what are you using to send out the patch?

--
Jens Axboe