[PATCH] firewire: cdev: fix potential leak of kernel stack due to uninitialized value

Takashi Sakamoto o-takashi at sakamocchi.jp
Wed Jun 15 03:27:33 CEST 2022


On Tue, Jun 14, 2022 at 03:07:46PM +0200, Takashi Iwai wrote:
> On Tue, 14 Jun 2022 14:30:36 +0200,
> Takashi Sakamoto wrote:
> > 
> > Hi Iwai-san,
> > 
> > I have a moderate request to you for the patch which fixes an issue
> > included in v5.19-rc1. If it's applicable and I can borrow your help
> > again, I'd like you to send the patch to mainline via your tree.
> 
> Do you have the lore URL I can get a patch from?
 
Here it is:

https://lore.kernel.org/alsa-devel/20220512112037.103142-1-o-takashi@sakamocchi.jp/

> > If possible, it's preferable to apply additional three patches I
> > respun[1], but it could be optional since not so critical.
> > 
> > [1] https://lore.kernel.org/alsa-devel/20220512111756.103008-1-o-takashi@sakamocchi.jp/
> 
> I can merge those, but now looking at the patches, I'm afraid that the
> patch 2 ("firewire: use struct_size over open coded arithmetic") is
> wrong; struct_size() takes the number of elements, and the element
> type is u32, hence you're allocating 4 times large data with that
> patch.

Indeed, I overlooked it. The length should be a quadlet count instead of
a byte count in that case. I'll post revised patches later. Thanks for your
review.


Regards

Takashi Sakamoto
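
The review point above, as an added example that is not part of the original message or the patch series: a userspace C sketch of what happens when a byte length is passed to a struct_size()-style helper whose flexible array has u32 elements. `struct demo_packet` and all function names are hypothetical, and `demo_struct_size()` is a stand-in written for this example, not the kernel macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: a header followed by trailing quadlets (u32). */
struct demo_packet {
    uint32_t header;
    uint32_t payload[];          /* flexible array, element type is u32 */
};

/* Stand-in for struct_size(p, payload, count): base size plus
 * count * sizeof(element), saturating to SIZE_MAX on overflow. */
static size_t demo_struct_size(size_t count)
{
    size_t base = sizeof(struct demo_packet);
    size_t elem = sizeof(uint32_t);

    if (count > (SIZE_MAX - base) / elem)
        return SIZE_MAX;
    return base + count * elem;
}

/* Open-coded arithmetic: the length is already expressed in bytes. */
static size_t open_coded_size(size_t byte_len)
{
    return sizeof(struct demo_packet) + byte_len;
}

/* Mistaken conversion: the byte count is used as the element count. */
static size_t wrong_size(size_t byte_len)
{
    return demo_struct_size(byte_len);
}

/* Corrected conversion: bytes are turned into quadlets first. */
static size_t right_size(size_t byte_len)
{
    return demo_struct_size(byte_len / sizeof(uint32_t));
}

int main(void)
{
    size_t byte_len = 64;        /* constructed sample: 16 quadlets */

    printf("open-coded:     %zu bytes\n", open_coded_size(byte_len));
    printf("bytes as count: %zu bytes\n", wrong_size(byte_len));
    printf("quadlet count:  %zu bytes\n", right_size(byte_len));
    return 0;
}
```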

