Patch set for gpib staging drivers

[PATCH 1/9] Fix buffer overflow in ni_usb_init

Posted by Dave Penkler 3 weeks, 2 days ago

  The writes buffer size was taking into accont the number of
  entries causing random oopses.

Signed-off-by: Dave Penkler <dpenkler@gmail.com>
---
 drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
index 571f07800c9a..9ff56b063681 100644
--- a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
+++ b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
@@ -1726,7 +1726,7 @@ static int ni_usb_init(gpib_board_t *board)
 	unsigned int ibsta;
 	int writes_len;
 
-	writes = kmalloc(sizeof(*writes), GFP_KERNEL);
+	writes = kmalloc(sizeof(*writes) * NUM_INIT_WRITES, GFP_KERNEL);
 	if (!writes)
 		return -ENOMEM;
 
-- 
2.46.2

Re: [PATCH 1/9] Fix buffer overflow in ni_usb_init

Posted by Dan Carpenter 3 weeks, 2 days ago

The subject should have a subsystem prefix:

staging: gpib: Fix buffer overflow in ni_usb_init()

On Fri, Nov 01, 2024 at 06:46:57PM +0100, Dave Penkler wrote:
>   The writes buffer size was taking into accont the number of
>   entries causing random oopses.

Remove the blank lines from the start of the line.

> 
> Signed-off-by: Dave Penkler <dpenkler@gmail.com>

Add a Fixes tag.

> ---
>  drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
> index 571f07800c9a..9ff56b063681 100644
> --- a/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
> +++ b/drivers/staging/gpib/ni_usb/ni_usb_gpib.c
> @@ -1726,7 +1726,7 @@ static int ni_usb_init(gpib_board_t *board)
>  	unsigned int ibsta;
>  	int writes_len;
>  
> -	writes = kmalloc(sizeof(*writes), GFP_KERNEL);
> +	writes = kmalloc(sizeof(*writes) * NUM_INIT_WRITES, GFP_KERNEL);

Please use kmalloc_array().

regards,
dan carpenter