[lvc-project] [PATCH] USBATM: enforce boundary check for sync_wait[]
Alexey V. Vissarionov
gremlin at altlinux.org
Thu Apr 3 17:43:00 MSK 2025
After plugging and removing the device several times, modem_index
may become bigger than NB_MODEM resulting in the out-of-boundary
array access.
Found by ALT Linux Team (altlinux.org) and Linux Verification Center
(linuxtesting.org).
Fixes: b72458a80c75 ("[PATCH] USB: Eagle and ADI 930 usb adsl modem driver")
Signed-off-by: Alexey V. Vissarionov <gremlin at altlinux.org>
---
drivers/usb/atm/ueagle-atm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/atm/ueagle-atm.c b/drivers/usb/atm/ueagle-atm.c
index 786299892c7f46e8..d4c82737dea11b83 100644
--- a/drivers/usb/atm/ueagle-atm.c
+++ b/drivers/usb/atm/ueagle-atm.c
@@ -2501,7 +2501,9 @@ static int uea_bind(struct usbatm_data *usbatm, struct usb_interface *intf,
if (ifnum != UEA_INTR_IFACE_NO)
return -ENODEV;
- usbatm->flags = (sync_wait[modem_index] ? 0 : UDSL_SKIP_HEAVY_INIT);
+ usbatm->flags =
+ (((modem_index < NB_MODEM) && sync_wait[modem_index]) ?
+ 0 : UDSL_SKIP_HEAVY_INIT);
/* interface 1 is for outbound traffic */
ret = claim_interface(usb, usbatm, UEA_US_IFACE_NO);
--
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net
More information about the lvc-project
mailing list