[PATCH v3 01/12] staging: gpib: Fix buffer overflow in ni_usb_init

From: Dave Penkler
Date: Mon Nov 04 2024 - 12:50:43 EST


The writes buffer size was not taking into account the number of
entries in the array which was causing random oopses.

Fixes: 4e127de14fa7 ("staging: gpib: Add National Instruments USB GPIB driver")
Signed-off-by: Dave Penkler <dpenkler@xxxxxxxxx>
---
drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
index 571f07800c9a..b7550a937f15 100644
--- a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
+++ b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
@@ -1726,7 +1726,7 @@ static int ni_usb_init(gpib_board_t *board)
unsigned int ibsta;
int writes_len;

- writes = kmalloc(sizeof(*writes), GFP_KERNEL);
+ writes = kmalloc_array(NUM_INIT_WRITES, sizeof(*writes), GFP_KERNEL);
if (!writes)
return -ENOMEM;

--
2.46.2