If anon_inode_getfd() fails then "i" is set to GPIOHANDLES_MAX. It
means that we will read beyond the end of the array and dereference an
invalid pointer.
Fixes: d7c51b47ac11 ('gpio: userspace ABI for reading/writing GPIO lines')
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 8b3db59..8578b7f 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -495,6 +495,8 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip)
return 0;
out_free_descs:
+ if (i == GPIOHANDLES_MAX)
+ i--;
for (; i >= 0; i--)
gpiod_free(lh->descs[i]);
kfree(lh->label);
--
To unsubscribe from this list: send the line "unsubscribe linux-gpio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] gpiolib: potential oops on failure path
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [patch] gpiolib: potential oops on failure path
- From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
- Date: Fri, 17 Jun 2016 12:15:50 +0300
- User-agent: Mutt/1.6.0 (2016-04-01)
- Follow-Ups:
- Re: [patch] gpiolib: potential oops on failure path
- From: Linus Walleij
- Re: [patch] gpiolib: potential oops on failure path
- From: walter harms
- Re: [patch] gpiolib: potential oops on failure path
- Prev by Date: Re: [PATCH v2] gpio: add Intel WhiskeyCove GPIO driver
- Next by Date: Re: [patch] gpiolib: potential oops on failure path
- Previous by thread: [PATCH v2] gpio: add Intel WhiskeyCove GPIO driver
- Next by thread: Re: [patch] gpiolib: potential oops on failure path
- Index(es):
 |