On Wed, Jun 20, 2018 at 11:27 AM, Kees Cook keescook@chromium.org wrote:
In the quest to remove all stack VLA usage from the kernel[1], this sets the buffer to maximum size and adds a sanity check.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZW...
Signed-off-by: Kees Cook keescook@chromium.org
Friendly ping! Who's tree should this go through?
Thanks!
-Kees
drivers/gpu/drm/i2c/tda9950.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i2c/tda9950.c b/drivers/gpu/drm/i2c/tda9950.c index 3f7396caad48..28314433c351 100644 --- a/drivers/gpu/drm/i2c/tda9950.c +++ b/drivers/gpu/drm/i2c/tda9950.c @@ -76,9 +76,12 @@ struct tda9950_priv { static int tda9950_write_range(struct i2c_client *client, u8 addr, u8 *p, int cnt) { struct i2c_msg msg;
u8 buf[cnt + 1];
u8 buf[CEC_MAX_MSG_SIZE + 3]; int ret;if (WARN_ON(cnt > sizeof(buf)))return -EINVAL;buf[0] = addr; memcpy(buf + 1, p, cnt);-- 2.17.1
-- Kees Cook Pixel Security