aboutsummaryrefslogtreecommitdiff
path: root/scripts/gcc-plugins/structleak_plugin.c
diff options
context:
space:
mode:
authorAlan Stern <[email protected]>2016-06-23 15:05:26 -0400
committerMartin K. Petersen <[email protected]>2016-06-29 00:51:31 -0400
commit5e7ff2ca7f2da55fe777167849d0c93403bd0dc8 (patch)
tree5fb37d646be7e708c503feabed417afb14328b95 /scripts/gcc-plugins/structleak_plugin.c
parent54e430bbd490e18ab116afa4cd90dcc45787b3df (diff)
SCSI: fix new bug in scsi_dev_info_list string matching
Commit b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching") changed the way vendor- and model-string matching was carried out in the routine that looks up entries in a SCSI devinfo list. The new matching code failed to take into account the case of a maximum-length string; in such cases it could end up testing for a terminating '\0' byte beyond the end of the memory allocated to the string. This out-of-bounds bug was detected by UBSAN. I don't know if anybody has actually encountered this bug. The symptom would be that a device entry in the blacklist might not be matched properly if it contained an 8-character vendor name or a 16-character model name. Such entries certainly exist in scsi_static_device_list. This patch fixes the problem by adding a check for a maximum-length string before the '\0' test. Signed-off-by: Alan Stern <[email protected]> Fixes: b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching") Tested-by: Wilfried Klaebe <[email protected]> CC: <[email protected]> # v4.4+ Signed-off-by: Martin K. Petersen <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins/structleak_plugin.c')
0 files changed, 0 insertions, 0 deletions