Fixes: 974e6f02e27e1b46 ("iio: cros_ec_sensors_core: Add common
functions for the ChromeOS EC S…")
On Sun, Jul 16, 2023 at 9:10 PM Jonathan Cameron <jic23@xxxxxxxxxx> wrote:
>
> On Fri, 30 Jun 2023 22:37:19 +0800
> Yiyuan Guo <yguoaz@xxxxxxxxx> wrote:
>
> > The struct cros_ec_command contains several integer fields and a
> > trailing array. An allocation size neglecting the integer fields can
> > lead to buffer overrun.
> >
> > Reviewed-by: Tzung-Bi Shih <tzungbi@xxxxxxxxxx>
> > Signed-off-by: Yiyuan Guo <yguoaz@xxxxxxxxx>
>
> Hi. I'm sitting on this one for a couple of reasons.
> 1) No fixes tag (replying to this thread with one is fine)
> 2) Various people commented on earlier versions, and I'm waiting for them to confirm
> they are fine with this version.
>
> If I hear nothing in a few more weeks I'll try and figure out the
> fixes tag + whether all the reviewer comments have been addressed.
>
> Jonathan
>
> > ---
> > v2->v3:
> > * Added R-b tag from Tzung-Bi Shih
> > * Aligned the code by adding an extra tab before "max"
> > * Added a patch changelog
> > v1->v2: Prefixed the commit title with "iio: cros_ec:"
> >
> > drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c b/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> > index 943e9e14d1e9..b72d39fc2434 100644
> > --- a/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> > +++ b/drivers/iio/common/cros_ec_sensors/cros_ec_sensors_core.c
> > @@ -253,7 +253,7 @@ int cros_ec_sensors_core_init(struct platform_device *pdev,
> > platform_set_drvdata(pdev, indio_dev);
> >
> > state->ec = ec->ec_dev;
> > - state->msg = devm_kzalloc(&pdev->dev,
> > + state->msg = devm_kzalloc(&pdev->dev, sizeof(*state->msg) +
> > max((u16)sizeof(struct ec_params_motion_sense),
> > state->ec->max_response), GFP_KERNEL);
> > if (!state->msg)
>
