[PATCH v2] EDAC/zynqmp: Fix an off-by-one buffer overrun in inject_ue_write
Yiyuan Guo
yguoaz at gmail.com
Thu Jun 29 08:51:22 PDT 2023
inject_ue_write() may access a local buffer `buf` at index
`len = sizeof(buf)`. Fix the length value to avoid buffer overrun.
Signed-off-by: Yiyuan Guo <yguoaz at gmail.com>
---
drivers/edac/zynqmp_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/edac/zynqmp_edac.c b/drivers/edac/zynqmp_edac.c
index ac7d1e0b324c..bd9c1ff4b5e9 100644
--- a/drivers/edac/zynqmp_edac.c
+++ b/drivers/edac/zynqmp_edac.c
@@ -304,7 +304,7 @@ static ssize_t inject_ue_write(struct file *file, const char __user *data,
if (!data)
return -EFAULT;
- len = min_t(size_t, count, sizeof(buf));
+ len = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, data, len))
return -EFAULT;
--
2.25.1
More information about the linux-arm-kernel
mailing list