korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-25 13:14:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
0278b34bf1
linux/tools/spi
History
Geert Uytterhoeven 0278b34bf1 spi: spidev_test: Fix buffer overflow in unescape() 
Sometimes spidev_test crashes with:

    *** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
    Aborted

or just

    Segmentation fault

This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().

Drop the bogus "+ 1" in the strlen() parameter to fix this.

Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.

Fixes: 30061915be (spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: <stable@vger.kernel.org> # v4.5+
2016-09-14 16:22:43 +01:00
..
.gitignore spi: tools: move spidev_test metadata 2015-11-30 12:14:12 +00:00
Makefile spi: Move spi code from Documentation to tools 2015-11-23 14:54:01 +00:00
spidev_fdx.c spi: Move spi code from Documentation to tools 2015-11-23 14:54:01 +00:00
spidev_test.c spi: spidev_test: Fix buffer overflow in unescape() 2016-09-14 16:22:43 +01:00