Message ID | Y8lX8bKPN6ObNN2i@kili (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | ACPI: NFIT: prevent underflow in acpi_nfit_ctl( | expand |
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index f1cc5ec6a3b6..da0739f04c98 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -446,10 +446,10 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, const char *cmd_name, *dimm_name; unsigned long cmd_mask, dsm_mask; u32 offset, fw_status = 0; + unsigned int family = 0; acpi_handle handle; const guid_t *guid; int func, rc, i; - int family = 0; if (cmd_rc) *cmd_rc = -EINVAL;
The concern here would be that "family" is negative and we pass a negative value to test_bit() resulting in an out of bounds read and potentially a crash. This patch is based on static analysis and not on testing. Fixes: 9a7e3d7f0568 ("ACPI: NFIT: Fix input validation of bus-family") Signed-off-by: Dan Carpenter <error27@gmail.com> --- Another idea would be that we could change test_bit() to not accept bits higher than INT_MAX. drivers/acpi/nfit/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)