[PATCH] firmware: arm_ffa: fix memory corruption in ffa_msg_send2()
Sudeep Holla
sudeep.holla at arm.com
Thu Apr 25 04:14:42 PDT 2024
On Wed, 24 Apr 2024 14:40:43 +0300, Dan Carpenter wrote:
> The "msg" pointer is a struct and msg->offset is the sizeof(*msg). The
> pointer here math means the memcpy() will write outside the bounds.
> Cast "msg" to a u8 pointer to fix this.
>
Applied to sudeep.holla/linux (for-next/ffa/updates), thanks!
[1/1] firmware: arm_ffa: fix memory corruption in ffa_msg_send2()
https://git.kernel.org/sudeep.holla/c/ddfade88f49d
--
Regards,
Sudeep
More information about the linux-arm-kernel
mailing list