forked from luck/tmp_suning_uos_patched
spi: spidev_test: Fix buffer overflow in unescape()
Sometimes spidev_test crashes with:
*** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
Aborted
or just
Segmentation fault
This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().
Drop the bogus "+ 1" in the strlen() parameter to fix this.
Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.
Fixes: 30061915be
(spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: <stable@vger.kernel.org> # v4.5+
This commit is contained in:
parent
29b4817d40
commit
0278b34bf1
|
@ -284,7 +284,7 @@ static void parse_opts(int argc, char *argv[])
|
|||
|
||||
static void transfer_escaped_string(int fd, char *str)
|
||||
{
|
||||
size_t size = strlen(str + 1);
|
||||
size_t size = strlen(str);
|
||||
uint8_t *tx;
|
||||
uint8_t *rx;
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user