On Wed, Jan 13, 2021 at 10:27 PM Sean Young wrote:
>
> On Wed, Jan 13, 2021 at 07:11:22PM +0800, Dongliang Mu wrote:
> > The missing check of ir->buf_in[i+1] can lead to an shift-out-of-bound
> > in mceusb_handle_command or mceusb_dev_printdata. This patch adds a
> > check to limit its value lower
On Wed, Jan 13, 2021 at 07:11:22PM +0800, Dongliang Mu wrote:
> The missing check of ir->buf_in[i+1] can lead to an shift-out-of-bound
> in mceusb_handle_command or mceusb_dev_printdata. This patch adds a
> check to limit its value lower than 16. The concrete report of UBSAN is
> as follows.
>
> U
The missing check of ir->buf_in[i+1] can lead to an shift-out-of-bound
in mceusb_handle_command or mceusb_dev_printdata. This patch adds a
check to limit its value lower than 16. The concrete report of UBSAN is
as follows.
UBSAN: shift-out-of-bounds in drivers/media/rc/mceusb.c:704:13
shift expone
3 matches
Mail list logo
