Re: [PATCH] mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

Next message: Edward Adam Davis: "Re: [syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in hidraw_report_event"
Previous message: David Laight: "Re: [PATCH 03/35] fbdev: sisfb: Use safer strscpy() instead of strcpy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Miquel Raynal

Date: Mon Apr 27 2026 - 09:12:26 EST

On Fri, 17 Apr 2026 15:24:39 +0000, Tudor Ambarus wrote:
> Sashiko noticed an out-of-bounds read [1].
>
> In spi_nor_params_show(), the snor_f_names array is passed to
> spi_nor_print_flags() using sizeof(snor_f_names).
>
> Since snor_f_names is an array of pointers, sizeof() returns the total
> number of bytes occupied by the pointers
> (element_count * sizeof(void *))
> rather than the element count itself. On 64-bit systems, this makes the
> passed length 8x larger than intended.
>
> [...]

Applied to mtd/fixes, thanks!

[1/1] mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
commit: e47029b977e747cb3a9174308fd55762cce70147

Patche(s) should be available on mtd/linux.git and will be
part of the next PR (provided that no robot complains by then).

Kind regards,
Miquèl