The patch titled
drivers/leds/leds-lp5521.c: fix potential buffer overflow
has been removed from the -mm tree. Its filename was
drivers-leds-leds-lp5521c-fix-potential-buffer-overflow.patch
This patch was dropped because it was merged into mainline or a subsystem tree
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: drivers/leds/leds-lp5521.c: fix potential buffer overflow
From: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
The code doesn't check first sscanf() return value. If first sscanf()
failed then c contains some garbage. It might lead to reading
uninitialised stack data in the second sscanf() call.
Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
Cc: Richard Purdie <rpurdie@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/leds/leds-lp5521.c | 2 ++
1 file changed, 2 insertions(+)
diff -puN drivers/leds/leds-lp5521.c~drivers-leds-leds-lp5521c-fix-potential-buffer-overflow drivers/leds/leds-lp5521.c
--- a/drivers/leds/leds-lp5521.c~drivers-leds-leds-lp5521c-fix-potential-buffer-overflow
+++ a/drivers/leds/leds-lp5521.c
@@ -373,6 +373,8 @@ static int lp5521_do_store_load(struct l
while ((offset < len - 1) && (i < LP5521_PROGRAM_LENGTH)) {
/* separate sscanfs because length is working only for %s */
ret = sscanf(buf + offset, "%2s%n ", c, &nrchars);
+ if (ret != 2)
+ goto fail;
ret = sscanf(c, "%2x", &cmd);
if (ret != 1)
goto fail;
_
Patches currently in -mm which might be from segoon@xxxxxxxxxxxx are
origin.patch
linux-next.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
