On Sun, Jul 16, 2017 at 08:38:41PM -0400, Jacob von Chorus wrote: > Four fields in struct fpgaimage are char arrays of length MAX_STR (256). > The amount of data read into these buffers is controlled by a length > field in the bitstream file read from userspace. If a corrupt or > malicious firmware file was supplied, kernel data beyond these buffers > can be overwritten arbitrarily. > > This patch adds a check of the bitstream's length value to ensure it > fits within the bounds of the allocated buffers. An error condition is > returned from gs_read_bitstream if any of the reads fail. > > This patch also fixes a checkpatch.pl CHECK in io.c by removing the FSF > address paragraph. Whenever you have a "also" in a patch changelog, that's a huge flag that this should be a separate patch. As is the case here, fixing the FSF address has nothing to do with the buffer overflow checks. Please break this up into two different patches. thanks, greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
