Re: [PATCH] gpio: 74x164: Fix crash during .remove()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Nov 21, 2017 at 12:18 PM, Geert Uytterhoeven
<geert+renesas@xxxxxxxxx> wrote:
> Commit 7ebc194d0fd4bb0f ("gpio: 74x164: Introduce 'enable-gpios'
> property") added a new member gpiod_oe to the end of the struct
> gen_74x164_chip, after the zero-length buffer array.
>
> However, this buffer is a flexible array, allocated together with the
> structure during .probe().  As the buffer is no longer the last member,
> writing to it corrupts the newly added member after it.
> During device removal, the corrupted member will be used as a pointer,
> leading to a crash.
>
> This went unnoticed, as the flexible array was declared as "buffer[0]"
> instead of "buffer[]", and thus did not trigger a "flexible array member
> not at end of struct" error from gcc.
>
> Move the gpiod_oe field up to fix this, and drop the zero from the array
> size to prevent future similar bugs.
>
> Fixes: 7ebc194d0fd4bb0f ("gpio: 74x164: Introduce 'enable-gpios' property")
> Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>

Thanks for the fix:

Reviewed-by: Fabio Estevam <fabio.estevam@xxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-gpio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux SPI]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux