Google Git
Sign in
android-kvm / linux / 0278b34bf15f8d8a609595b15909cd8622dd64ca
commit0278b34bf15f8d8a609595b15909cd8622dd64ca[log] [tgz]
authorGeert Uytterhoeven <geert+renesas@glider.be>Fri Sep 09 09:02:51 2016 +0200
committerMark Brown <broonie@kernel.org>Wed Sep 14 16:22:43 2016 +0100
tree9fc3af0ff0d3401ea0d65e0b69e55b6fafd4aa08
parent29b4817d4018df78086157ea3a55c1d9424a7cfc [diff]
spi: spidev_test: Fix buffer overflow in unescape()

Sometimes spidev_test crashes with:

    *** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
    Aborted

or just

    Segmentation fault

This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().

Drop the bogus "+ 1" in the strlen() parameter to fix this.

Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.

Fixes: 30061915be6e3a2c (spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: <stable@vger.kernel.org> # v4.5+
1 file changed
tree: 9fc3af0ff0d3401ea0d65e0b69e55b6fafd4aa08
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS