[PATCH 1/2] Revert "i2c: fix stack buffer overflow vulnerability in i2c md command"
Simon Glass
sjg at chromium.org
Sat Aug 27 02:21:01 CEST 2022
On Fri, 26 Aug 2022 at 15:16, Marek Vasut <marex at denx.de> wrote:
>
> This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409.
>
> The commit is largely wrong and breaks most of i2c command functionality.
> The problem described in the aforementioned commit commit message is valid,
> however the commit itself does many more changes unrelated to fixing that
> one problem it describes. Those extra changes, namely the handling of i2c
> device address length as unsigned instead of signed integer, breaks the
> expectation that address length may be negative value. The negative value
> is used by DM to indicate that address length of device does not change.
>
> The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
> can be fixed by extra sanitization in separate patch.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> Cc: Heiko Schocher <hs at denx.de>
> Cc: Nicolas Iooss <nicolas.iooss+uboot at ledger.fr>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Tim Harvey <tharvey at gateworks.com>
> ---
> cmd/i2c.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list