[PATCH 2/2] i2c: fix stack buffer overflow vulnerability in i2c md command
Tim Harvey
tharvey at gateworks.com
Sat Aug 27 00:21:44 CEST 2022
On Fri, Aug 26, 2022 at 2:16 PM Marek Vasut <marex at denx.de> wrote:
>
> This reinstates fix from commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
> without the changes unrelated to the actual fix. Avoid the underflow by
> setting only nbytes and linebytes as unsigned integers.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> Cc: Heiko Schocher <hs at denx.de>
> Cc: Nicolas Iooss <nicolas.iooss+uboot at ledger.fr>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Tim Harvey <tharvey at gateworks.com>
> ---
> cmd/i2c.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/cmd/i2c.c b/cmd/i2c.c
> index 9050b2b8d27..e196a73efa6 100644
> --- a/cmd/i2c.c
> +++ b/cmd/i2c.c
> @@ -470,7 +470,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc,
> uint chip;
> uint addr, length;
> int alen;
> - int j, nbytes, linebytes;
> + int j;
> + uint nbytes, linebytes;
> int ret;
> #if CONFIG_IS_ENABLED(DM_I2C)
> struct udevice *dev;
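Review bot: the commit message does not say which expression underflows, or how a signed `nbytes`/`linebytes` leads to the stack buffer overflow named in the subject, so the declaration change at `uint nbytes, linebytes;` cannot be checked from this hunk alone. Please add a sentence naming the comparison or subtraction that misbehaves with a negative value. Note also that `j` stays `int` while the two variables it sits beside become `uint`; any comparison between `j` and them in the function body (outside the lines shown here) will now be done as unsigned, so it is worth confirming `j` is never negative at those points. The new type does match the existing `uint addr, length;` in the context lines, which is consistent.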
> --
> 2.35.1
>
Marek,
Did 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 get reverted then?
Best Regards,
Tim