Message-ID: <0b8e0098-b3a6-4abb-b856-65b7ba4e4c3d@xs4all.nl>
Date: Mon, 29 Apr 2024 16:24:27 +0200
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] media: dw2102: fix a potential buffer overflow
To: Mauro Carvalho Chehab
Cc: Hans Verkuil, Michael Bunk, Wei Chen, Yu Zhe, Zhang Shurong, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org
References: <989d1befaf0ba99277ad7b1f6ef2d454afa6db51.1714400241.git.mchehab@kernel.org>
From: Hans Verkuil
In-Reply-To: <989d1befaf0ba99277ad7b1f6ef2d454afa6db51.1714400241.git.mchehab@kernel.org>

On 29/04/2024 16:17, Mauro Carvalho Chehab wrote:
> As pointed by smatch:
> drivers/media/usb/dvb-usb/dw2102.c:802 su3000_i2c_transfer() error: __builtin_memcpy() '&state->data[4]' too small (64 vs 67)
>
> That seems to be due to a wrong copy-and-paste.
>
> Reported-by: Hans Verkuil
> Signed-off-by: Mauro Carvalho Chehab

Reviewed-by: Hans Verkuil

Regards,

Hans

> --- > drivers/media/usb/dvb-usb/dw2102.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c > index 03b411ad64bb..79e2ccf974c9 100644 > --- a/drivers/media/usb/dvb-usb/dw2102.c 
> +++ b/drivers/media/usb/dvb-usb/dw2102.c > @@ -789,7 +789,7 @@ static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], > > if (msg[j].flags & I2C_M_RD) { > /* single read */ > - if (1 + msg[j].len > sizeof(state->data)) { > + if (4 + msg[j].len > sizeof(state->data)) { > warn("i2c rd: len=%d is too big!\n", msg[j].len); > num = -EOPNOTSUPP; > break;
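
Review bot: The literal `4` in the new bound `4 + msg[j].len > sizeof(state->data)` (the `/* single read */` branch) has to stay equal to the offset in the `&state->data[4]` memcpy destination that smatch flags at line 802, and nothing in the code ties the two together. Since the commit message attributes the old `1 +` to a copy-and-paste slip, a named constant for the header length (or a one-line comment next to the check) used in both places would keep them from drifting apart again. The arithmetic matches the report: the old check let `len` reach 63 against the 64-byte buffer smatch reports, so the copy could need 4 + 63 = 67 bytes; with the new check `len` is capped at 60. The commit message carries only Reported-by and Signed-off-by; a Fixes: tag naming the commit that introduced the wrong bound would help stable backports.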