[PATCH] MTD: nandsim: BUG: Fail if overridesize is too big

Richard Genoud richard.genoud at gmail.com
Tue Sep 18 04:27:44 EDT 2012


2012/9/12 Richard Genoud <richard.genoud at gmail.com>:
> If override size is too big, the module was actually loaded instead of
> failing, because retval was not set.
>
> This led to memory corruption with the use of the freed structs nandsim
> and nand_chip.
>
> Signed-off-by: Richard Genoud <richard.genoud at gmail.com>
> ---
>  drivers/mtd/nand/nandsim.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/mtd/nand/nandsim.c b/drivers/mtd/nand/nandsim.c
> index cf0cd31..5d881180 100644
> --- a/drivers/mtd/nand/nandsim.c
> +++ b/drivers/mtd/nand/nandsim.c
> @@ -2333,6 +2333,7 @@ static int __init ns_init_module(void)
>                 uint64_t new_size = (uint64_t)nsmtd->erasesize << overridesize;
>                 if (new_size >> overridesize != nsmtd->erasesize) {
>                         NS_ERR("overridesize is too big\n");
> +                       retval = -EINVAL;
>                         goto err_exit;
>                 }
>                 /* N.B. This relies on nand_scan not doing anything with the size before we change it */
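Review bot: The guard that this error path hangs off, `new_size >> overridesize != nsmtd->erasesize`, only works while the shift itself is well defined. If overridesize can be 64 or more, `(uint64_t)nsmtd->erasesize << overridesize` is undefined behaviour in C and the round-trip comparison is not guaranteed to notice, so an explicit range check on overridesize before the shift, also returning -EINVAL, would be more robust. Setting `retval = -EINVAL;` before `goto err_exit` is the right fix for the case described. Because the failure mode was a module that stays loaded with freed structs, it is also worth confirming that every other `goto err_exit` in ns_init_module sets retval (those paths are not visible in this hunk) and adding a stable tag to the commit message.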
> --
> 1.7.2.5
>
Hi Artem, David.

As this is a bug fix, it should be pushed to 3.6-rc7, shouldn't it?

Regards,
Richard.


