Searched hist:c56a85d09bd7788cdb77329723c8459e5d834a53 (Results 1 – 2 of 2) sorted by relevance
| /rk3399_ARM-atf/lib/debugfs/ |
| H A D | dev.h | c56a85d09bd7788cdb77329723c8459e5d834a53 Mon Jul 21 11:35:07 UTC 2025 Harrison Mutai <harrison.mutai@arm.com> fix(debugfs): guard against negative ch offsets
The `chan` struct’s `offset` field was previously a signed long,
allowing negative values. When used in comparisons in `buf_to_channel`,
a negative offset would be cast to a large unsigned integer, causing the
bounds check to silently fail. This could allow a negative offset to
bypass validation and lead to an out-of-bounds access during operations
like `memcpy`.
This patch changes the `offset` field to `unsigned long` and updates
affected functions to use the correct types, ensuring all offset
comparisons are safe and negative values are disallowed at the type
level.
Change-Id: I5d37bbd2fe6d7d3a19628c1a0376c3bf83947f27
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Reported-by: Bartek Piekarski <bartek.piekarski@arm.com>
|
| H A D | dev.c | c56a85d09bd7788cdb77329723c8459e5d834a53 Mon Jul 21 11:35:07 UTC 2025 Harrison Mutai <harrison.mutai@arm.com> fix(debugfs): guard against negative ch offsets
The `chan` struct’s `offset` field was previously a signed long,
allowing negative values. When used in comparisons in `buf_to_channel`,
a negative offset would be cast to a large unsigned integer, causing the
bounds check to silently fail. This could allow a negative offset to
bypass validation and lead to an out-of-bounds access during operations
like `memcpy`.
This patch changes the `offset` field to `unsigned long` and updates
affected functions to use the correct types, ensuring all offset
comparisons are safe and negative values are disallowed at the type
level.
Change-Id: I5d37bbd2fe6d7d3a19628c1a0376c3bf83947f27
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Reported-by: Bartek Piekarski <bartek.piekarski@arm.com>
|