diff options
author | Geert Uytterhoeven <geert+renesas@glider.be> | 2016-09-09 09:02:51 +0200 |
---|---|---|
committer | Mark Brown <broonie@kernel.org> | 2016-09-14 17:22:43 +0200 |
commit | 0278b34bf15f8d8a609595b15909cd8622dd64ca (patch) | |
tree | 9fc3af0ff0d3401ea0d65e0b69e55b6fafd4aa08 /certs | |
parent | Linux 4.8-rc1 (diff) | |
download | linux-0278b34bf15f8d8a609595b15909cd8622dd64ca.tar.xz linux-0278b34bf15f8d8a609595b15909cd8622dd64ca.zip |
spi: spidev_test: Fix buffer overflow in unescape()
Sometimes spidev_test crashes with:
*** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
Aborted
or just
Segmentation fault
This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().
Drop the bogus "+ 1" in the strlen() parameter to fix this.
Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.
Fixes: 30061915be6e3a2c (spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: <stable@vger.kernel.org> # v4.5+
Diffstat (limited to 'certs')
0 files changed, 0 insertions, 0 deletions