Linux kernel source tree
 
 
 
 
 
 
H. Nikolaus Schaller 932d47448c power: generic-adc-battery: fix out-of-bounds write when copying channel properties
We did have sporadic problems in the pinctrl framework during boot
where a pin group name unexpectedly became NULL leading to a NULL
dereference in strcmp.

Detailed analysis of the failing cases did reveal that there were
two devm allocated objects close to each other. The second one was
the affected group_desc in pinmux and the first one was the
psy_desc->properties buffer of the gab driver.

Review of the gab code showed that the address calculation for
one memcpy() is wrong. It does

	properties + sizeof(type) * index

but C is defined to do the index multiplication already for
pointer + integer additions. Hence the factor was applied twice
and the memcpy() does write outside of the properties buffer.
Sometimes it happened to be the pinctrl and triggered the strcmp(NULL).

Anyways, it is overkill to use a memcpy() here instead of a simple
assignment, which is easier to read and has less risk for wrong
address calculations. So we change code to a simple assignment.

If we initialize the index to the first free location, we can even
remove the local variable 'properties'.

This bug seems to exist right from the beginning in 3.7-rc1 in

commit e60fea794e ("power: battery: Generic battery driver using IIO")

Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Cc: stable@vger.kernel.org
Fixes: e60fea794e ("power: battery: Generic battery driver using IIO")
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
2018-07-06 18:40:34 +02:00
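
The address calculation described in the commit message above, as an added example that is not code from the commit or the driver. The property names, sizes, helper functions and the single arena array (the properties buffer followed by stand-in neighbouring memory) are constructed for illustration, and the result assumes `sizeof(enum prop)` is greater than 1, as it is with default GCC and Clang settings.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins; not the driver's real property list. */
enum prop { PROP_NONE, PROP_STATUS, PROP_TECH, PROP_VOLTAGE, PROP_CURRENT };

#define N_STATIC 2                      /* slots already filled */
#define N_CHAN   2                      /* channel properties to append */
#define N_PROPS  (N_STATIC + N_CHAN)    /* size of the "properties" buffer */
/* One arena models the buffer plus whatever the allocator placed after it,
 * so the stray writes stay inside a single object and can be observed. */
#define ARENA_LEN (N_PROPS * sizeof(enum prop))

static const enum prop chan_props[N_CHAN] = { PROP_VOLTAGE, PROP_CURRENT };

/* Address computed as in the commit message: the index is scaled twice. */
void append_buggy(enum prop *properties)
{
    for (size_t chan = 0, index = N_STATIC; chan < N_CHAN; chan++, index++)
        memcpy(properties + sizeof(*properties) * index,
               &chan_props[chan], sizeof(chan_props[chan]));
}

/* Plain assignment: the compiler scales the index once. */
void append_fixed(enum prop *properties)
{
    for (size_t chan = 0, index = N_STATIC; chan < N_CHAN; chan++, index++)
        properties[index] = chan_props[chan];
}

/* Number of slots past the end of the buffer that were overwritten. */
size_t neighbour_hits(const enum prop *arena)
{
    size_t hits = 0;
    for (size_t i = N_PROPS; i < ARENA_LEN; i++)
        hits += (arena[i] != PROP_NONE);
    return hits;
}

int main(void)
{
    enum prop a[ARENA_LEN] = { PROP_STATUS, PROP_TECH };
    enum prop b[ARENA_LEN] = { PROP_STATUS, PROP_TECH };
    append_buggy(a);
    append_fixed(b);
    printf("buggy: %zu stray writes, fixed: %zu\n", neighbour_hits(a), neighbour_hits(b));
    return 0;
}
```

With the double-scaled address, both channel properties land past the end of the buffer and the intended slots stay empty, which is the kind of silent neighbour corruption that KASAN is built to flag on a real kernel.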
Documentation for-linus-20180616 2018-06-17 05:37:55 +09:00
LICENSES LICENSES: Add Linux-OpenIB license text 2018-04-27 16:41:53 -06:00
arch Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
block for-linus-20180616 2018-06-17 05:37:55 +09:00
certs docs: Fix some broken references 2018-06-15 18:10:01 -03:00
crypto docs: Fix some broken references 2018-06-15 18:10:01 -03:00
drivers power: generic-adc-battery: fix out-of-bounds write when copying channel properties 2018-07-06 18:40:34 +02:00
firmware
fs Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
include power: remove possible deadlock when unregistering power_supply 2018-07-06 16:03:21 +02:00
init Kbuild updates for v4.18 (2nd) 2018-06-13 08:40:34 -07:00
ipc ipc: use new return type vm_fault_t 2018-06-15 07:55:25 +09:00
kernel Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
lib docs: Fix some broken references 2018-06-15 18:10:01 -03:00
mm mm: fix oom_kill event handling 2018-06-15 07:55:25 +09:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-06-16 07:39:34 +09:00
samples VFIO updates for v4.18 2018-06-12 13:11:26 -07:00
scripts scripts/documentation-file-ref-check: check tools/*/Documentation 2018-06-15 18:10:01 -03:00
security docs: Fix some broken references 2018-06-15 18:10:01 -03:00
sound docs: Fix some broken references 2018-06-15 18:10:01 -03:00
tools Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
usr kbuild: rename built-in.o to built-in.a 2018-03-26 02:01:19 +09:00
virt - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
.clang-format clang-format: add configuration file 2018-04-11 10:28:35 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap Merge branch 'asoc-4.17' into asoc-4.18 for compress dependencies 2018-04-26 12:24:28 +01:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS MAINTAINERS/CREDITS: Drop METAG ARCHITECTURE 2018-03-05 16:34:24 +00:00
Kbuild
Kconfig kconfig: add basic helper macros to scripts/Kconfig.include 2018-05-29 03:31:19 +09:00
MAINTAINERS Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
Makefile Linux 4.18-rc1 2018-06-17 08:04:49 +09:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.