[PATCH v2] EDAC/zynqmp: Fix an off-by-one buffer overrun in inject_ue_write
Potthuri, Sai Krishna
sai.krishna.potthuri at amd.com
Tue Jul 11 02:12:53 PDT 2023
> -----Original Message-----
> From: Yiyuan Guo <yguoaz at gmail.com>
> Sent: Thursday, June 29, 2023 9:21 PM
> To: Datta, Shubhrajyoti <shubhrajyoti.datta at amd.com>; Potthuri, Sai Krishna
> <sai.krishna.potthuri at amd.com>
> Cc: bp at alien8.de; tony.luck at intel.com; james.morse at arm.com;
> mchehab at kernel.org; rric at kernel.org; Simek, Michal
> <michal.simek at amd.com>; linux-edac at vger.kernel.org; linux-arm-
> kernel at lists.infradead.org; yguoaz at gmail.com
> Subject: [PATCH v2] EDAC/zynqmp: Fix an off-by-one buffer overrun in
> inject_ue_write
>
> inject_ue_write() may access a local buffer `buf` at index `len = sizeof(buf)`. Fix
> the length value to avoid buffer overrun.
>
> Signed-off-by: Yiyuan Guo <yguoaz at gmail.com>
Reviewed-by: Sai Krishna Potthuri <sai.krishna.potthuri at amd.com>
> ---
> drivers/edac/zynqmp_edac.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/edac/zynqmp_edac.c b/drivers/edac/zynqmp_edac.c index
> ac7d1e0b324c..bd9c1ff4b5e9 100644
> --- a/drivers/edac/zynqmp_edac.c
> +++ b/drivers/edac/zynqmp_edac.c
> @@ -304,7 +304,7 @@ static ssize_t inject_ue_write(struct file *file, const char
> __user *data,
> if (!data)
> return -EFAULT;
>
> - len = min_t(size_t, count, sizeof(buf));
> + len = min_t(size_t, count, sizeof(buf) - 1);
> if (copy_from_user(buf, data, len))
> return -EFAULT;
>
> --
> 2.25.1
More information about the linux-arm-kernel
mailing list