remoteproc: avoid stack overflow in debugfs file

Recent gcc versions warn about reading from a negative offset of an on-stack array: drivers/remoteproc/remoteproc_debugfs.c: In function 'rproc_recovery_write': drivers/remoteproc/remoteproc_debugfs.c:167:9: warning: 'buf[4294967295u]' may be used uninitialized in this function [-Wmaybe-uninitialized] I don't see anything in sys_write() that prevents us from being called with a zero 'count' argument, so we should add an extra check in rproc_recovery_write() to prevent the access and avoid the warning. Signed-off-by: N Arnd Bergmann <arnd@arndb.de> Fixes: 2e37abb8 ("remoteproc: create a 'recovery' debugfs entry") Signed-off-by: N Ohad Ben-Cohen <ohad@wizery.com>

remoteproc: avoid stack overflow in debugfs file
Recent gcc versions warn about reading from a negative offset of an on-stack array: drivers/remoteproc/remoteproc_debugfs.c: In function 'rproc_recovery_write': drivers/remoteproc/remoteproc_debugfs.c:167:9: warning: 'buf[4294967295u]' may be used uninitialized in this function [-Wmaybe-uninitialized] I don't see anything in sys_write() that prevents us from being called with a zero 'count' argument, so we should add an extra check in rproc_recovery_write() to prevent the access and avoid the warning. Signed-off-by: N Arnd Bergmann <arnd@arndb.de> Fixes: 2e37abb8 ("remoteproc: create a 'recovery' debugfs entry") Signed-off-by: N Ohad Ben-Cohen <ohad@wizery.com>
92792e48 · Arnd Bergmann · Ohad Ben-Cohen · 1ec21837 · 92792e48
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/remoteproc/remoteproc_debugfs.c drivers/remoteproc/remoteproc_debugfs.c +1 -1

未找到文件。
--- a/drivers/remoteproc/remoteproc_debugfs.c
+++ b/drivers/remoteproc/remoteproc_debugfs.c
@@ -156,7 +156,7 @@ rproc_recovery_write(struct file *filp, const char __user *user_buf,
 	char buf[10];
 	int ret;

-	if (count > sizeof(buf))
+	if (count < 1 || count > sizeof(buf))
 		return count;

 	ret = copy_from_user(buf, user_buf, count);