[PATCH] mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Miquel Raynal
miquel.raynal at bootlin.com
Mon Apr 27 06:08:56 PDT 2026
On Fri, 17 Apr 2026 15:24:39 +0000, Tudor Ambarus wrote:
> Sashiko noticed an out-of-bounds read [1].
>
> In spi_nor_params_show(), the snor_f_names array is passed to
> spi_nor_print_flags() using sizeof(snor_f_names).
>
> Since snor_f_names is an array of pointers, sizeof() returns the total
> number of bytes occupied by the pointers
> (element_count * sizeof(void *))
> rather than the element count itself. On 64-bit systems, this makes the
> passed length 8x larger than intended.
>
> [...]
Applied to mtd/fixes, thanks!
[1/1] mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
commit: e47029b977e747cb3a9174308fd55762cce70147
Patche(s) should be available on mtd/linux.git and will be
part of the next PR (provided that no robot complains by then).
Kind regards,
Miquèl
More information about the linux-mtd
mailing list