[PATCH v2] EDAC/zynqmp: Fix an off-by-one buffer overrun in inject_ue_write

Potthuri, Sai Krishna sai.krishna.potthuri at amd.com
Tue Jul 11 02:12:53 PDT 2023



> -----Original Message-----
> From: Yiyuan Guo <yguoaz at gmail.com>
> Sent: Thursday, June 29, 2023 9:21 PM
> To: Datta, Shubhrajyoti <shubhrajyoti.datta at amd.com>; Potthuri, Sai Krishna
> <sai.krishna.potthuri at amd.com>
> Cc: bp at alien8.de; tony.luck at intel.com; james.morse at arm.com;
> mchehab at kernel.org; rric at kernel.org; Simek, Michal
> <michal.simek at amd.com>; linux-edac at vger.kernel.org; linux-arm-
> kernel at lists.infradead.org; yguoaz at gmail.com
> Subject: [PATCH v2] EDAC/zynqmp: Fix an off-by-one buffer overrun in
> inject_ue_write
> 
> inject_ue_write() may access a local buffer `buf` at index `len = sizeof(buf)`. Fix
> the length value to avoid buffer overrun.
> 
> Signed-off-by: Yiyuan Guo <yguoaz at gmail.com>

Reviewed-by: Sai Krishna Potthuri <sai.krishna.potthuri at amd.com>

> ---
>  drivers/edac/zynqmp_edac.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/edac/zynqmp_edac.c b/drivers/edac/zynqmp_edac.c index
> ac7d1e0b324c..bd9c1ff4b5e9 100644
> --- a/drivers/edac/zynqmp_edac.c
> +++ b/drivers/edac/zynqmp_edac.c
> @@ -304,7 +304,7 @@ static ssize_t inject_ue_write(struct file *file, const char
> __user *data,
>  	if (!data)
>  		return -EFAULT;
> 
> -	len = min_t(size_t, count, sizeof(buf));
> +	len = min_t(size_t, count, sizeof(buf) - 1);
>  	if (copy_from_user(buf, data, len))
>  		return -EFAULT;
> 
> --
> 2.25.1




More information about the linux-arm-kernel mailing list