Out of bounds access in service_tx_status_request() in musb_gadget_ep0.c

Marek Vasut marex at denx.de
Mon Apr 5 14:34:15 CEST 2021

Previous message (by thread): Out of bounds access in service_tx_status_request() in musb_gadget_ep0.c
Next message (by thread): [PATCH 06/13] pci: synquacer: Add SynQuacer ECAM based PCIe driver
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/5/21 2:38 AM, Heinrich Schuchardt wrote:
> Hello Marek,

Hi,

> &musb->endpoints[epnum].ep_out may be accessed out of bounds if a device
> sends a malformed message with ctrlrequest->wIndex = 0x10.

Where?

> The Linux code avoids this issue.

Please send a fix, thanks.

Previous message (by thread): Out of bounds access in service_tx_status_request() in musb_gadget_ep0.c
Next message (by thread): [PATCH 06/13] pci: synquacer: Add SynQuacer ECAM based PCIe driver
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the U-Boot mailing list