2022-08-16 10:09:00

by Will Shiu (許恭瑜)

[permalink] [raw]
Subject: [PATCH 1/1] Pinctrl: Add in zero check

add in check of buffer offset to avoid the exception when input 0 size.

Signed-off-by: Will Shiu <[email protected]>
---
drivers/pinctrl/pinmux.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c
index f94d43b082d9..646dff591b21 100644
--- a/drivers/pinctrl/pinmux.c
+++ b/drivers/pinctrl/pinmux.c
@@ -689,6 +689,9 @@ static ssize_t pinmux_select(struct file *file, const char __user *user_buf,
if (len > PINMUX_SELECT_MAX)
return -ENOMEM;

+ if (len <= 0)
+ return -EINVAL;
+
buf = kzalloc(PINMUX_SELECT_MAX, GFP_KERNEL);
if (!buf)
return -ENOMEM;
--
2.18.0


2022-08-25 12:09:26

by Linus Walleij

[permalink] [raw]
Subject: Re: [PATCH 1/1] Pinctrl: Add in zero check

On Tue, Aug 16, 2022 at 11:09 AM Will Shiu <[email protected]> wrote:

> add in check of buffer offset to avoid the exception when input 0 size.
>
> Signed-off-by: Will Shiu <[email protected]>

Looks good to me, patch applied!

Yours,
Linus Walleij

2022-08-25 12:26:01

by Andy Shevchenko

[permalink] [raw]
Subject: Re: [PATCH 1/1] Pinctrl: Add in zero check

On Thu, Aug 25, 2022 at 3:07 PM Linus Walleij <[email protected]> wrote:
> On Tue, Aug 16, 2022 at 11:09 AM Will Shiu <[email protected]> wrote:
>
> > add in check of buffer offset to avoid the exception when input 0 size.
> >
> > Signed-off-by: Will Shiu <[email protected]>
>
> Looks good to me, patch applied!

Sorry, but it seems the author didn't pay much attention and didn't
really work on it. What does the < 0 comparison mean here?

I would ask if there is _real_ issue with the code? What is the use
case and why is this check needed?

--
With Best Regards,
Andy Shevchenko

2022-08-25 13:30:30

by Linus Walleij

[permalink] [raw]
Subject: Re: [PATCH 1/1] Pinctrl: Add in zero check

On Thu, Aug 25, 2022 at 2:18 PM Andy Shevchenko
<[email protected]> wrote:
> On Thu, Aug 25, 2022 at 3:07 PM Linus Walleij <[email protected]> wrote:
> > On Tue, Aug 16, 2022 at 11:09 AM Will Shiu <[email protected]> wrote:
> >
> > > add in check of buffer offset to avoid the exception when input 0 size.
> > >
> > > Signed-off-by: Will Shiu <[email protected]>
> >
> > Looks good to me, patch applied!
>
> Sorry, but it seems the author didn't pay much attention and didn't
> really work on it. What does the < 0 comparison mean here?
>
> I would ask if there is _real_ issue with the code? What is the use
> case and why is this check needed?

Dropped this until Andy's question is answered.

Yours,
Linus Walleij