Re: [PATCH] HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 20 Jun 2022, Harshit Mogalapalli wrote:

> Smatch Warning:
> drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy()
> '&mcp->txbuf[5]' too small (59 vs 255)
> drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf'
> too small (34 vs 255)
> 
> The 'len' variable can take a value between 0-255 as it can come from
> data->block[0] and it is user data. So add an bound check to prevent a
> buffer overflow in memcpy().
> 
> Fixes: 67a95c21463d ("HID: mcp2221: add usb to i2c-smbus host bridge")
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>

Applied, thanks.

-- 
Jiri Kosina
SUSE Labs




[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux