summaryrefslogtreecommitdiff
path: root/lib/ucs2_string.c
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2019-03-26 08:12:07 +0300
committerMauro Carvalho Chehab <mchehab+samsung@kernel.org>2019-03-29 14:43:48 +0300
commit9c2ccc324b3a6cbc865ab8b3e1a09e93d3c8ade9 (patch)
tree31d6c625fee9e81e91460363d7542b8af91f25ea /lib/ucs2_string.c
parent2e7682ebfc750177a4944eeb56e97a3f05734528 (diff)
downloadlinux-9c2ccc324b3a6cbc865ab8b3e1a09e93d3c8ade9.tar.xz
media: wl128x: prevent two potential buffer overflows
Smatch marks skb->data as untrusted so it warns that "evt_hdr->dlen" can copy up to 255 bytes and we only have room for two bytes. Even if this comes from the firmware and we trust it, the new policy generally is just to fix it as kernel hardenning. I can't test this code so I tried to be very conservative. I considered not allowing "evt_hdr->dlen == 1" because it doesn't initialize the whole variable but in the end I decided to allow it and manually initialized "asic_id" and "asic_ver" to zero. Fixes: e8454ff7b9a4 ("[media] drivers:media:radio: wl128x: FM Driver Common sources") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Diffstat (limited to 'lib/ucs2_string.c')
0 files changed, 0 insertions, 0 deletions