| Message ID | 20200312144015.1848245-1-gabravier@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] gpio-hammer: Avoid potential overflow in main | expand |
On 3/12/20 3:40 PM, Gabriel Ravier wrote: > If '-o' was used more than 64 times in a single invocation of gpio-hammer, > this could lead to an overflow of the 'lines' array. This commit fixes > this by avoiding the overflow and giving a proper diagnostic back to the > user > > Signed-off-by: Gabriel Ravier <gabravier@gmail.com> > --- > tools/gpio/gpio-hammer.c | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/tools/gpio/gpio-hammer.c b/tools/gpio/gpio-hammer.c > index 0e0060a6e..d0be21af1 100644 > --- a/tools/gpio/gpio-hammer.c > +++ b/tools/gpio/gpio-hammer.c > @@ -135,7 +135,14 @@ int main(int argc, char **argv) > device_name = optarg; > break; > case 'o': > - lines[i] = strtoul(optarg, NULL, 10); > + /* > + * Avoid overflow. Do not immediately error, we want to > + * be able to accurately report on the amount of times > + *'-o' was given to give an accurate error message > + */ > + if (i < GPIOHANDLES_MAX) > + lines[i] = strtoul(optarg, NULL, 10); > + > i++; > break; > case '?': > @@ -143,6 +150,14 @@ int main(int argc, char **argv) > return -1; > } > } > + > + if (i >= GPIOHANDLES_MAX) { > + fprintf(stderr, > + "Only %d occurences of '-o' are allowed, %d were found\n", > + GPIOHANDLES_MAX, i + 1); > + return -1; > + } > + > nlines = i; > > if (!device_name || !nlines) { Just noticed that there isn't a space before the "'-o'" in the third line of the explanatory comment in the first part of the patch, will send a third version of the patch with a space before the "'-o'"
diff --git a/tools/gpio/gpio-hammer.c b/tools/gpio/gpio-hammer.c index 0e0060a6e..d0be21af1 100644 --- a/tools/gpio/gpio-hammer.c +++ b/tools/gpio/gpio-hammer.c @@ -135,7 +135,14 @@ int main(int argc, char **argv) device_name = optarg; break; case 'o': - lines[i] = strtoul(optarg, NULL, 10); + /* + * Avoid overflow. Do not immediately error, we want to + * be able to accurately report on the amount of times + *'-o' was given to give an accurate error message + */ + if (i < GPIOHANDLES_MAX) + lines[i] = strtoul(optarg, NULL, 10); + i++; break; case '?': @@ -143,6 +150,14 @@ int main(int argc, char **argv) return -1; } } + + if (i >= GPIOHANDLES_MAX) { + fprintf(stderr, + "Only %d occurences of '-o' are allowed, %d were found\n", + GPIOHANDLES_MAX, i + 1); + return -1; + } + nlines = i; if (!device_name || !nlines) {
If '-o' was used more than 64 times in a single invocation of gpio-hammer, this could lead to an overflow of the 'lines' array. This commit fixes this by avoiding the overflow and giving a proper diagnostic back to the user Signed-off-by: Gabriel Ravier <gabravier@gmail.com> --- tools/gpio/gpio-hammer.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-)