[PATCH] evh_bytechan: fix out of bounds accesses
Timur Tabi
timur at kernel.org
Tue Jan 14 03:03:18 AEDT 2020
On Thu, Jan 9, 2020 at 1:41 AM Stephen Rothwell <sfr at canb.auug.org.au> wrote:
>
> ev_byte_channel_send() assumes that its third argument is a 16 byte array.
> Some places where it is called it may not be (or we can't easily tell
> if it is). Newer compilers have started producing warnings about this,
> so make sure we actually pass a 16 byte array.
...
> +static unsigned int local_ev_byte_channel_send(unsigned int handle,
> + unsigned int *count, const char *p)
> +{
> + char buffer[EV_BYTE_CHANNEL_MAX_BYTES];
> + unsigned int c = *count;
> +
> + if (c < sizeof(buffer)) {
> + memcpy(buffer, p, c);
> + memset(&buffer[c], 0, sizeof(buffer) - c);
> + p = buffer;
> + }
> + return ev_byte_channel_send(handle, count, p);
> +}
Why not simply correct the parameters of ev_byte_channel_send?
static inline unsigned int ev_byte_channel_send(unsigned int handle,
-unsigned int *count, const char buffer[EV_BYTE_CHANNEL_MAX_BYTES])
+unsigned int *count, const char *buffer)
Back then, I probably thought I was just being clever with this code,
but I realize now that it doesn't make sense to do the way I did.
More information about the Linuxppc-dev
mailing list