[PATCH] EDAC/xilinx: Fix stack off-by-one in debugfs UE injection handlers
Datta, Shubhrajyoti
shubhraj at amd.com
Thu Apr 30 04:16:35 PDT 2026
On 4/25/2026 12:19 AM, Shengzhuo Wei wrote:
> [You don't often get email from me at cherr.cc. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Caution: This message originated from an External Source. Use proper caution when opening attachments, clicking links, or responding.
>
>
> Two EDAC debugfs write handlers copy up to sizeof(buf) bytes into a
> fixed-size stack buffer and then unconditionally NUL-terminate it via
> buf[len] = '\0'. When userspace writes >= sizeof(buf) bytes, len
> becomes sizeof(buf) and the NUL write lands 1 byte past the end of the
> stack buffer.
>
> Fix by clamping the copy length to sizeof(buf) - 1 so that the NUL
> terminator is always in-bounds.
>
> Fixes: 3bd2706c910f ("EDAC/zynqmp: Add EDAC support for Xilinx ZynqMP OCM")
> Fixes: 83bf24051a60 ("EDAC/versal: Make the bit position of injected errors configurable")
> Signed-off-by: Shengzhuo Wei <me at cherr.cc>
> ---
Reviewed-by: Shubhrajyoti Datta <shubhrajyoti.datta at amd.com>
More information about the linux-arm-kernel
mailing list