Re: [PATCH v5] w1: therm: Fix off-by-one buffer overflow in alarms_store

Next message: Leon Romanovsky: "Re: [PATCH] RDMA/cxgb4: fix a memory leak in pass_accept_req() error path"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v5 3/4] clk: samsung: Implement automatic clock gating mode for CMUs"
In reply to: Krzysztof Kozlowski: "Re: [PATCH v5] w1: therm: Fix off-by-one buffer overflow in alarms_store"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Krzysztof Kozlowski

Date: Thu Dec 18 2025 - 11:06:33 EST

On Tue, 16 Dec 2025 15:50:03 +0100, Thorsten Blum wrote:
> The sysfs buffer passed to alarms_store() is allocated with 'size + 1'
> bytes and a NUL terminator is appended. However, the 'size' argument
> does not account for this extra byte. The original code then allocated
> 'size' bytes and used strcpy() to copy 'buf', which always writes one
> byte past the allocated buffer since strcpy() copies until the NUL
> terminator at index 'size'.
>
> [...]

Applied, thanks!

[1/1] w1: therm: Fix off-by-one buffer overflow in alarms_store
https://git.kernel.org/krzk/linux-w1/c/761fcf46a1bd797bd32d23f3ea0141ffd437668a

Best regards,
--
Krzysztof Kozlowski <krzk@xxxxxxxxxx>