[PATCH linux dev-4.7] drivers: fsi: Fix FSI core size checking user interfaces
Jeremy Kerr
jk at ozlabs.org
Wed Feb 22 11:44:53 AEDT 2017
Hi Eddie,
> Some potential for integer overflow and not checking signed offsets.
[...]
> int fsi_device_read(struct fsi_device *dev, uint32_t addr, void *val,
> size_t size)
> {
> - if (addr > dev->size)
> - return -EINVAL;
> -
> - if (addr + size > dev->size)
> + if (addr > dev->size || size > dev->size || addr > dev->size - size)
> return -EINVAL;
I liked the split conditional statements, but that's only personal
preference. Regardless, LGTM.
Acked-by: Jeremy Kerr <jk at ozlabs.org>
Cheers,
Jeremy
More information about the openbmc
mailing list