Re: i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA

Hi Jeremy,

>        unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2];
> 
> It uses the first element to store the requested length.  Therefore,
> in practice, we hit the issue with "greater than I2C_SMBUS_BLOCK_MAX +
> 1".

Right, there is one extra byte reserved for PEC. So, the actual buffer
overflow will happen at I2C_SMBUS_BLOCK_MAX + 1 since
I2C_SMBUS_I2C_BLOCK_DATA does not have PEC.

> I have added a little C ternary instruction to keep the same level
> of debug/error information.  If you don't like it we can remove it.

I like it. I just didn't include it in my proof of concept.

> I have updated, tested and attached the new version to this email.  I

Very good, thank you!

> also improved the commit message by adding some information about what
> is expected by the documentation. I don't know what is the process to
> update the patch to the mailing list.  Should I send a new email with
> the new patch instead ?

Technically, yes. Usually, resend it as [PATCH v2] with a small
changelog of what changed since the last version. Just dig the mail archive for
examples. However, since I really want this in v4.15, I picked this
patch from the attachment and have applied it to i2c/for-current and
attached the stable-tag.

Thank you very much!

   Wolfram
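
A user-space model of the length check this thread is about, added here as an example; it is not the patch from the attachment and not kernel code. `struct model_data` and `model_i2c_block_read` are hypothetical names, the `wire` bytes are constructed, and the limit of I2C_SMBUS_BLOCK_MAX data bytes per block transfer is taken as an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define I2C_SMBUS_BLOCK_MAX 32 /* value from the kernel's uapi i2c.h */

/* Hypothetical stand-in for the SMBus data block: block[0] holds the
 * length, the data bytes follow, and the array is I2C_SMBUS_BLOCK_MAX + 2
 * bytes long, the extra byte being the one reserved for PEC. */
struct model_data {
    unsigned char block[I2C_SMBUS_BLOCK_MAX + 2];
};

/* Hypothetical helper: emulate an I2C block read of data->block[0] bytes.
 * `wire` is what the device would send. Returns 0 or -EINVAL. */
int model_i2c_block_read(struct model_data *data,
                         const unsigned char *wire, size_t wire_len)
{
    unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX + 2]; /* same size as in the thread */
    size_t len = data->block[0];                    /* caller-controlled length */

    /* Validate before the length is used to size any copy. An I2C block
     * read carries no PEC, so the reserved byte is not extra data room. */
    if (len > I2C_SMBUS_BLOCK_MAX || len > wire_len)
        return -EINVAL;

    memcpy(msgbuf1, wire, len);            /* "transfer" into the stack buffer */
    memcpy(&data->block[1], msgbuf1, len); /* hand the bytes back to the caller */
    return 0;
}

int main(void)
{
    unsigned char wire[64]; /* constructed sample device data */
    struct model_data d;

    memset(wire, 0xA5, sizeof(wire));
    memset(&d, 0, sizeof(d));
    d.block[0] = I2C_SMBUS_BLOCK_MAX + 1; /* oversized request must be refused */
    return model_i2c_block_read(&d, wire, sizeof(wire)) == -EINVAL ? 0 : 1;
}
```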
