[ldv-project] [PATCH] mtd: rawnand: intel: Fix potential buffer overflow in probe

Miquel Raynal miquel.raynal at bootlin.com
Tue Sep 14 20:39:16 MSK 2021


On Fri, 2021-09-03 at 08:26:53 UTC, Evgeny Novikov wrote:
> ebu_nand_probe() read the value of u32 variable "cs" from the device
> firmware description and used it as the index for array ebu_host->cs
> that can contain MAX_CS (2) elements at most. That could result in
> a buffer overflow and various bad consequences later.
> 
> Fix the potential buffer overflow by restricting values of "cs" with
> MAX_CS in probe.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Fixes: 0b1039f016e8 ("mtd: rawnand: Add NAND controller support on Intel LGM SoC")
> Signed-off-by: Evgeny Novikov <novikov at ispras.ru>
> Co-developed-by: Kirill Shilimanov <kirill.shilimanov at huawei.com>
> Signed-off-by: Kirill Shilimanov <kirill.shilimanov at huawei.com>
> Co-developed-by: Anton Vasilyev <vasilyev at ispras.ru>
> Signed-off-by: Anton Vasilyev <vasilyev at ispras.ru>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.

Miquel



More information about the ldv-project mailing list