| author | Dan Carpenter <[email protected]> | 2023-11-06 17:04:33 +0300 | 
|---|---|---|
| committer | Martin K. Petersen <[email protected]> | 2023-11-08 21:42:26 -0500 | 
| commit | 860c3d03bbc3f17aef8600662c488f27fd093142 (patch) | |
| tree | f101c4879f5382ec75df12777b95dd37e959e40e /scripts/gcc-plugins/structleak_plugin.c | |
| parent | 27900d7119c464b43cd9eac69c85884d17bae240 (diff) | |
scsi: scsi_debug: Fix some bugs in sdebug_error_write()

There are two bugs in this code:
 1) If count is zero, then it will lead to a NULL dereference.  The
    kmalloc() will successfully allocate zero bytes and the test for "if
    (buf[0] == '-')" will read beyond the end of the zero size buffer and
    Oops.
 2) The code does not ensure that the user's string is properly NUL
    terminated which could lead to a read overflow.
Fixes: a9996d722b11 ("scsi: scsi_debug: Add interface to manage error injection for a single device")
Signed-off-by: Dan Carpenter <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Wenchao Hao <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Diffstat (limited to 'scripts/gcc-plugins/structleak_plugin.c')
0 files changed, 0 insertions, 0 deletions
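
The two failure modes named in the commit message, shown in a userspace C model with both checks in place. This is an added example, not code from the commit or from scsi_debug: `model_error_write`, `struct parsed` and the sample bytes are hypothetical, and `memcpy` stands in for the copy from user space.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical userspace model of a write handler; not the scsi_debug source. */
struct parsed { int minus; long value; };

/* Constructed sample: five bytes with no NUL terminator anywhere. */
static const char sample[5] = { '-', '1', '2', '9', '9' };

/* Returns count on success or a negative errno value. */
ssize_t model_error_write(const char *ubuf, size_t count, struct parsed *out)
{
    char *buf, *num, *end;

    if (count == 0)              /* bug 1: a zero-size buffer has no buf[0] */
        return -EINVAL;
    buf = malloc(count + 1);     /* one extra byte for the terminator */
    if (!buf)
        return -ENOMEM;
    memcpy(buf, ubuf, count);    /* stands in for copying from user space */
    buf[count] = '\0';           /* bug 2: string parsing now stops at count */

    out->minus = (buf[0] == '-');
    num = buf + out->minus;
    out->value = strtol(num, &end, 0);
    if (end == num) {            /* no digits inside the caller's bytes */
        free(buf);
        return -EINVAL;
    }
    free(buf);
    return (ssize_t)count;
}

int main(void)
{
    struct parsed p = { 0, 0 };
    /* Only the first three bytes belong to this write: "-12". */
    ssize_t r = model_error_write(sample, 3, &p);
    printf("ret=%zd minus=%d value=%ld\n", r, p.minus, p.value);
    printf("empty write: %zd\n", model_error_write(sample, 0, &p));
    return 0;
}
```

Without the terminator write, the three-byte call would let `strtol()` keep reading into the trailing `99` and whatever follows the buffer.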