| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Feb 2024 19:47:36 +0200
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Kees Cook <keescook@...omium.org>
Cc: Jonathan Cameron <jic23@...nel.org>,
Lars-Peter Clausen <lars@...afoo.de>,
Uwe Kleine-König <u.kleine-koenig@...gutronix.de>,
Nuno Sá <nuno.sa@...log.com>,
linux-iio@...r.kernel.org, Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>, llvm@...ts.linux.dev,
Tomislav Denis <tomislav.denis@....com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] iio: pressure: dlhl60d: Initialize empty DLH bytes
On Fri, Feb 23, 2024 at 09:29:39AM -0800, Kees Cook wrote:
> 3 bytes were being read but 4 were being written. Explicitly initialize
> the unused bytes to 0 and refactor the loop to use direct array
> indexing, which appears to silence a Clang false positive warning[1].
...
> for_each_set_bit(chn, indio_dev->active_scan_mask,
> - indio_dev->masklength) {
> - memcpy(tmp_buf + i,
> + indio_dev->masklength) {
> + memcpy(&tmp_buf[i++],
> &st->rx_buf[1] + chn * DLH_NUM_DATA_BYTES,
> DLH_NUM_DATA_BYTES);
> - i++;
> }
Not that I'm against the changes, but they (in accordance with the commit
message) are irrelevant to this fix. I prefer fixes to be more focused on
the real issues.
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists