[PATCH linux dev-4.7] drivers: fsi: Fix FSI core size checking user interfaces
Joel Stanley
joel at jms.id.au
Thu Feb 23 01:01:46 AEDT 2017
On Wed, Feb 22, 2017 at 11:14 AM, Jeremy Kerr <jk at ozlabs.org> wrote:
> Hi Eddie,
>
>> Some potential for integer overflow and not checking signed offsets.
>
> [...]
>
>> int fsi_device_read(struct fsi_device *dev, uint32_t addr, void *val,
>> size_t size)
>> {
>> - if (addr > dev->size)
>> - return -EINVAL;
>> -
>> - if (addr + size > dev->size)
>> + if (addr > dev->size || size > dev->size || addr > dev->size - size)
>> return -EINVAL;
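Review bot: The first clause of the new combined condition in fsi_device_read, `addr > dev->size`, is redundant. Once `size > dev->size` has been ruled out, `dev->size - size` is at most `dev->size`, so `addr > dev->size - size` already rejects every addr above dev->size. The check could be reduced to `size > dev->size || addr > dev->size - size`. The order of those two clauses matters, because the subtraction is only safe after the size check has passed; a short comment saying so would protect the check if the conditions are later split out again. The reasoning also relies on dev->size being an unsigned type, which this hunk does not show.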
>
> I liked the split conditional statements, but that's only personal
> preference. Regardless, LGTM.

My personal preference is also to split them out. It makes them easier
to read, and there's less noise in the diff if the conditions need to
be updated.

I applied this as-is to dev-4.7 for now.

> Acked-by: Jeremy Kerr <jk at ozlabs.org>

Thanks for the review Jeremy.

Cheers,

Joel