[v1] dev/parport: fix the array out-of-bounds risk

[RESEND. PATCH] dev/parport: fix the array out-of-bounds risk

tuhaowen posted 1 patch 1 year, 6 months ago

Diff against v1 v1 v1 v2
Download mbox

There is a newer version of this series

drivers/parport/procfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[RESEND. PATCH] dev/parport: fix the array out-of-bounds risk

Posted by tuhaowen 1 year, 6 months ago

The array buffer size is 20 bytes.
When executing code in a 64-bit CPU environment, up to 42 bytes of
data will be written into this array
(the size of "%lu\t%lu\n" is 20 +1 + 20 + 1).

In fact, this line of code for 32-bit CPUs also has the risk of
crossing the boundary, but it can exceed 2 bytes at most. With good
luck, it is local variables that are damaged, and there are no serious
consequences.

Signed-off-by: tuhaowen <tuhaowen@uniontech.com>
---
 drivers/parport/procfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
index bd388560ed59..9f501d5fa1ec 100644
--- a/drivers/parport/procfs.c
+++ b/drivers/parport/procfs.c
@@ -117,7 +117,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write,
 				 void *result, size_t *lenp, loff_t *ppos)
 {
 	struct parport *port = (struct parport *)table->extra1;
-	char buffer[20];
+	char buffer[64];
 	int len = 0;
 
 	if (*ppos) {
-- 
2.20.1