From patchwork Tue Jun 6 12:00:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kent Gibson X-Patchwork-Id: 103756 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp3342880vqr; Tue, 6 Jun 2023 05:08:22 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ64lOgZkJNSk7xkD/kkhvfM7vfAuFMydogzy6Qt9f/Tq2LTkw7pMo5f5Smh3c/zNX77ge8/ X-Received: by 2002:a05:6214:2526:b0:5ef:a772:2731 with SMTP id gg6-20020a056214252600b005efa7722731mr2024854qvb.11.1686053302654; Tue, 06 Jun 2023 05:08:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686053302; cv=none; d=google.com; s=arc-20160816; b=pTl+OBJFzQCyv5AQRYyyttvUtL/rqKjRH6OYl5wycgOVp5nbolUVIoaiHrp+G91gBC 1nXgikrzuSuPurt2TWEQZAZF4eUQx8GB7XZ8Yrn00/DguUqVfGAG76UxfNFty2qQKDN2 aQnZTehj6D7fPQYr1J7mjq4kijleiNKxQOq/6KfGyMhdIV6rnPN/Vk4WDGQJXNuPLm98 T2BHjLhuQ7d9cEl1v9b3Eglc4fplWkWxpGi0u6XUdx2Q2GjJdeNuepjsOnqxbVuc+X44 HMnxpm8Xn1d0/BDd8dkkSw9Opove79wQAKgKOzL+WA5kQtMiwx8gLRgZJw28E1MDGIOf Rg1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=AhrfkRC2d1Nzu0rFUFmWucm1SEXL2rGUMQoBfN9aZzY=; b=iD2J0jUb9mm7FjJzlO46HWhAx2fxPvxZso4NHHJ1LF0iV64fOoJpSu7c6WSkNPtwq+ abM04Ey9b+RFUyrEo5gTUdHbrEwcQFN1cx1b0SbYK+F6+mJUS4fbJ0cqH6zHs9xQJ78l XdyYQkSiw3m2UNFD/GjuK6xDsduMbNQaohugJdG1xyP0vwbqfeJMxlB3zL8yrEPizsLW R9XkG7OJZw5oOHuFqDD80ZV0c8sQQgNMls1v5rgfE2VZWpDrbDbJ3AyCVcei94gQ9cru oeuyrhg31r6vR0L/1CmgCGrC7yjfz3kF0D6EjCG5Pv7Clu2kAIhgJzMijBenKSYgqQx7 BtXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=iHvkabwU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gy9-20020a056214242900b006282db0ebc2si6233593qvb.489.2023.06.06.05.08.07; Tue, 06 Jun 2023 05:08:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=iHvkabwU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229880AbjFFMBe (ORCPT + 99 others); Tue, 6 Jun 2023 08:01:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237422AbjFFMBY (ORCPT ); Tue, 6 Jun 2023 08:01:24 -0400 Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 712A210FE; Tue, 6 Jun 2023 05:01:02 -0700 (PDT) Received: by mail-oi1-x22b.google.com with SMTP id 5614622812f47-39810ce3e13so5316312b6e.2; Tue, 06 Jun 2023 05:01:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686052861; x=1688644861; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=AhrfkRC2d1Nzu0rFUFmWucm1SEXL2rGUMQoBfN9aZzY=; b=iHvkabwU4JKGe8CglZWMOgqSzh8iYE0TdPuAjrDuLowg8lus7vPfB3P3gB4Yl1Hxhq i+ZWhLXhQW3Oo1E9c6zlyIRqS1FIjkiyqds/IclnFRyFY9HysSVUf9fzzRQbn5kiqkS1 +1FORx+bOeJBExergOlw1RhziKnLqPG9ox0qK9kVCbKiC1Hzrq2AW6bbfamPXv4WWNtz 73xatfGvBLdmXT5DUtGDBZmFya3wgPTBIEFAtKwosN3N1P800/lAMTMwW1O4XcC7r6vd x+ZqsiacLBYuRfEqZZOXn/bp8pqOVhf3V/xwXckxtsMJcMJby7g1TnbCQkaKtKqaZAB1 ssBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686052861; x=1688644861; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=AhrfkRC2d1Nzu0rFUFmWucm1SEXL2rGUMQoBfN9aZzY=; b=jO522hkSUdH7s0C2T19vG+qKQ3gbq8qg4T5epaZrrW21wjUVIJK8vN/5R72VhipjpV a60MqEKGNLWUlJJsKpLw4cMZDARWSPwdTM3TOeg8quwoeKidD8jzGrBA5mZcPeDKdPWb 67eWgpZf4gQk9GrNY5t4gH0nidfG84MP/KcAXDqy7U23rSRd/DEH5ATRsZYuZkzh7jMy Qk20Ah+g2RzjsLO5liqALD/kjRJ6qvT1KpFjX0dw/h6YuOASPB0lhsfNlnvCAsikDeeH qLig01JE7feuYQURGJYYe6Hue7pv8o0zx+DIYF9ur0Dx88cBqBP6eHoSmlUX5KdMnGLr k31A== X-Gm-Message-State: AC+VfDxn/nOYhwZqTjOxoN/opDl6p7m1rl/hrMlgghYdpO/qoXED7+s8 yLdDdjo9ykHtMgBoz7MrrvsIAWymor0= X-Received: by 2002:a05:6808:250:b0:39a:bc5c:f265 with SMTP id m16-20020a056808025000b0039abc5cf265mr1905409oie.28.1686052861478; Tue, 06 Jun 2023 05:01:01 -0700 (PDT) Received: from sol.home.arpa (194-223-178-180.tpgi.com.au. [194.223.178.180]) by smtp.gmail.com with ESMTPSA id z8-20020aa791c8000000b0063d2989d5b4sm1330427pfa.45.2023.06.06.05.00.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 05:01:01 -0700 (PDT) From: Kent Gibson To: linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org, brgl@bgdev.pl, linus.walleij@linaro.org Cc: Kent Gibson Subject: [PATCH v2] gpio: sim: fix memory corruption when adding named lines and unnamed hogs Date: Tue, 6 Jun 2023 20:00:34 +0800 Message-Id: <20230606120034.42904-1-warthog618@gmail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767955027892717898?= X-GMAIL-MSGID: =?utf-8?q?1767955027892717898?= When constructing the sim, gpio-sim constructs an array of named lines, sized based on the largest offset of any named line, and then initializes that array with the names of all lines, including unnamed hogs with higher offsets. In doing so it writes NULLs beyond the extent of the array. Add a check that only named lines are used to initialize the array. Fixes: cb8c474e79be ("gpio: sim: new testing module") Signed-off-by: Kent Gibson --- changes v1 -> v2: - check offset as well to make the purpose of the check clearer drivers/gpio/gpio-sim.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpio/gpio-sim.c b/drivers/gpio/gpio-sim.c index e5dfd636c63c..09aa0b64859b 100644 --- a/drivers/gpio/gpio-sim.c +++ b/drivers/gpio/gpio-sim.c @@ -721,8 +721,10 @@ static char **gpio_sim_make_line_names(struct gpio_sim_bank *bank, if (!line_names) return ERR_PTR(-ENOMEM); - list_for_each_entry(line, &bank->line_list, siblings) - line_names[line->offset] = line->name; + list_for_each_entry(line, &bank->line_list, siblings) { + if (line->name && (line->offset <= max_offset)) + line_names[line->offset] = line->name; + } return line_names; }