{"id":2220517,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2220517/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-gpio/patch/20260407-treewide-fixes-v1-6-66c9744a56a3@oss.qualcomm.com/","project":{"id":42,"url":"http://patchwork.ozlabs.org/api/1.1/projects/42/?format=json","name":"Linux GPIO development","link_name":"linux-gpio","list_id":"linux-gpio.vger.kernel.org","list_email":"linux-gpio@vger.kernel.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260407-treewide-fixes-v1-6-66c9744a56a3@oss.qualcomm.com>","date":"2026-04-07T12:49:57","name":"[libgpiod,06/14] core: check the value of num_lines returned by the kernel","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e53a747bba4e2c9a4dcf76cc26d8067776af0857","submitter":{"id":92196,"url":"http://patchwork.ozlabs.org/api/1.1/people/92196/?format=json","name":"Bartosz Golaszewski","email":"bartosz.golaszewski@oss.qualcomm.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-gpio/patch/20260407-treewide-fixes-v1-6-66c9744a56a3@oss.qualcomm.com/mbox/","series":[{"id":498978,"url":"http://patchwork.ozlabs.org/api/1.1/series/498978/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-gpio/list/?series=498978","date":"2026-04-07T12:49:56","name":"libgpiod: assortment of fixes","version":1,"mbox":"http://patchwork.ozlabs.org/series/498978/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2220517/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2220517/checks/","tags":{},"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-gpio@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=qualcomm.com header.i=@qualcomm.com header.a=rsa-sha256\n header.s=qcppdkim1 header.b=T0QrPcKo;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com\n header.a=rsa-sha256 header.s=google header.b=UhswySZZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-gpio+bounces-34793-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com\n header.b=\"T0QrPcKo\";\n\tdkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com\n header.b=\"UhswySZZ\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=205.220.180.131","smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=oss.qualcomm.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fqmLL6KVwz1xy1\n\tfor ; Tue, 07 Apr 2026 22:52:10 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 667B3300B621\n\tfor ; Tue, 7 Apr 2026 12:51:25 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id EAF4D3B4EAD;\n\tTue, 7 Apr 2026 12:51:23 +0000 (UTC)","from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com\n [205.220.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A4583B4E94\n\tfor ; Tue, 7 Apr 2026 12:51:22 +0000 (UTC)","from pps.filterd (m0279871.ppops.net [127.0.0.1])\n\tby mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 6376tmom2009900\n\tfor ; Tue, 7 Apr 2026 12:51:21 GMT","from mail-qt1-f197.google.com (mail-qt1-f197.google.com\n [209.85.160.197])\n\tby mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4dcmrrtry0-1\n\t(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)\n\tfor ; Tue, 07 Apr 2026 12:51:21 +0000 (GMT)","by mail-qt1-f197.google.com with SMTP id\n d75a77b69052e-50d8e4c29caso54033861cf.0\n for ;\n Tue, 07 Apr 2026 05:51:21 -0700 (PDT)","from brgl-qcom.local ([2a01:cb1d:dc:7e00:b36f:5370:5f91:2d5])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-4887e83682fsm577526505e9.7.2026.04.07.05.51.19\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 07 Apr 2026 05:51:19 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775566283; cv=none;\n b=GSEpdfd8c7dh0I8oYQsPuaCK3SKHck13AWI8AZOBA1rv3Odc2vdv9Q/cW3n/Rh+loyuqofrO5FiqrpnHF4cUcCTF4OSCcbpbiKZUkoYPvq2da3s5pjt7hYg+GdBXzrxD8/HClIsbd8a5fzyM9MGTbhq7H6TnXW4XQqdgSuBpuPI=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775566283; c=relaxed/simple;\n\tbh=LFAus8JvuYHpPvm6jVrQiYCWjVymPkski4Us0H8pOTY=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References:\n\t In-Reply-To:To:Cc;\n b=TGe3wwqasCdke0tgVvSgvHaEc6u82Gq1HK/V4m1oNM6BPzHX2HdqaFI4/c2rgSwDg1DFXL42ZHsZppeoByqe+bQN8tSCcHHrb63VwS7Xbp8ZD+F0sjBq8FaABtpv6krIKuPjJ7ZlKQoTHhrijdSWy/Dl2M2PcvWvw+Jrqzc2ecY=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=oss.qualcomm.com;\n spf=pass smtp.mailfrom=oss.qualcomm.com;\n dkim=pass (2048-bit key) header.d=qualcomm.com header.i=@qualcomm.com\n header.b=T0QrPcKo;\n dkim=pass (2048-bit key) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com\n header.b=UhswySZZ; arc=none smtp.client-ip=205.220.180.131","DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=\n\tcc:content-transfer-encoding:content-type:date:from:in-reply-to\n\t:message-id:mime-version:references:subject:to; s=qcppdkim1; bh=\n\tpAkFwyclbebV7USWStrCtNnlMRDMI6cCrl5uzx/e9aQ=; b=T0QrPcKoRLREjlGK\n\tj73zJxsP2Rl3Qoq5+V25BgRzpgG26+7b9NBAUFvrmFcv98GH0CNwTRz2vyKFjBJ7\n\tV7PbzHpRmbNDDs/Ez2YHtZrNILegcE43A5fMHhnqsW36GrLwtWIvZVsqmmfYftgi\n\tJpoptPHXRv+9Lm+KC+ZwmIyR9xJiQnZPX4AB0dqzvc4wZxdY47doxtIp0sWKBbYN\n\tmMmRHzglwyPGH2eCBm6TG9BRDh4eJGLZ1Ykk6ZFAuxar4irRe2dnk2frHw/lJyg+\n\t4ftd7LXQd7EOK2IaVSTuAWpwbzOxATlQcM2qr6iR5NC9as62KiqtwFvuQWhYDzfi\n\tahncMw==","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=oss.qualcomm.com; s=google; t=1775566281; x=1776171081;\n darn=vger.kernel.org;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:from:to:cc:subject:date:message-id\n :reply-to;\n bh=pAkFwyclbebV7USWStrCtNnlMRDMI6cCrl5uzx/e9aQ=;\n b=UhswySZZ5dwj7zPJAgSI3LhiUdfCmKlBktQC7TueakByqnn2TzbZ6t31SmtziQH0be\n mDYbMP/w+zE8PGS8wBuq80BF0kPsuHkAo3cxZQFuCV81nvTIXbtUpWQyELELaeVhGW9z\n DausUSz8HwAZMxMmsN05KYQF97Qvma05x3y9aQ6inYEyBMF3UOpnfwl2qWsVjEvIgBlQ\n vMR1/SU/PYfQ4IwQOXtMt2KtMlgdYWZJChUB+wkExwdBMYmA8ZdJ5ehp8xDC8Idkleme\n LWuyPh/hw0GFLIH5CM9eeDZSXfkmMACqVz3Jkg9IFVhwkgf4PX7AXxlV+Z5GPJr7FSiL\n hWfg=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775566281; x=1776171081;\n h=cc:to:in-reply-to:references:message-id:content-transfer-encoding\n :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=pAkFwyclbebV7USWStrCtNnlMRDMI6cCrl5uzx/e9aQ=;\n b=Twtgpk97IZ1XgIgQhjZsko+QuwWqYIAwzNTvONBoBlGhlkst7gWCfueQoPyACn13IK\n B8LKAKD5wfUhp1bPJoHGCMOV6qeinElHCJUclrZz0CdEC5V/MgtOQOcf6WcnV+M8orlq\n DbHumUPfNQq5lEzm3BuFBNt1IyTCGdfEoJzNbXE6UMG0AbCUW4FCD/KlVALK3Gsy9T3u\n TLLT/gSX3p/CpeCh7mjqs97DDfkUfZwXIp9A1h2IJgfdG51euQ/xTK1JUdHhOcDV/0RP\n epXFjlbGFk7dvz3RpbIDRuPxIldw2F7ULTuD7sFeuPbpfCIiqEzsYnZrxGpO/M7ZWXvd\n +vyw==","X-Gm-Message-State":"AOJu0YxTtsu5UFq+InFU3YcQrlLQa0WQomvkk0vqjmszCrSF57p9DIWU\n\tAgIoelBeXGcvOYqy4cuVFE7Wh+BDL8iDxM5JbaYoblPtxvIPcFxAHpHq7rjWLentqptq4WQ6q7l\n\tH1DiCD7AmvYumnXMw1a16zi7/OB1ny/YnYgC/wfB6Sbe5e4ftX7nSCHSVco5KnfRY","X-Gm-Gg":"AeBDiet62wKr671B18bReGklG17GaBfv1hoVhB8aXJ5A3b4aTngY0t6nABPuSEcstfQ\n\t7alsw7RHZbsnAUsYNOmzUa6kqEw5bdWYvt6qeZ0RVtZlphHzhbZgRH+vSu+FAY/M0xEvjxefl4d\n\tCVNfMkJbg29xH6PnKTsrU4Di4VuvdYjvO80IgkL59qrG81fk33XZJIH7MPMz5ajEpceR8qxb7xN\n\t2DACmnSnExikRdkJg1zXTOSvAp0xc43/UYoKlNCuRM6tqAU/kCENZppZbJ+2b8nzZ+iBJ0NW7p+\n\tW1KEGnZ8hf6xISow0EsXxrx1EMl29j5IyVDmIWS3HjidZ170YwKl8QenJi72y9rxQ2xM6/WUJtJ\n\t0IzU5B+WXjYe+eNb79cbtlGW306B4IDwzr/TOsHj9B38gI8i2Sg8=","X-Received":["by 2002:a05:622a:14c8:b0:50b:51a0:f744 with SMTP id\n d75a77b69052e-50d62b396eemr240070881cf.17.1775566281000;\n Tue, 07 Apr 2026 05:51:21 -0700 (PDT)","by 2002:a05:622a:14c8:b0:50b:51a0:f744 with SMTP id\n d75a77b69052e-50d62b396eemr240070501cf.17.1775566280601;\n Tue, 07 Apr 2026 05:51:20 -0700 (PDT)"],"From":"Bartosz Golaszewski ","Date":"Tue, 07 Apr 2026 14:49:57 +0200","Subject":"[PATCH libgpiod 06/14] core: check the value of num_lines returned\n by the kernel","Precedence":"bulk","X-Mailing-List":"linux-gpio@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","Message-Id":"<20260407-treewide-fixes-v1-6-66c9744a56a3@oss.qualcomm.com>","References":"<20260407-treewide-fixes-v1-0-66c9744a56a3@oss.qualcomm.com>","In-Reply-To":"<20260407-treewide-fixes-v1-0-66c9744a56a3@oss.qualcomm.com>","To":"Linus Walleij , Bartosz Golaszewski ,\n Kent Gibson , 4fqr <4fqr@proton.me>,\n Vincent Fazio ","Cc":"linux-gpio@vger.kernel.org,\n Bartosz Golaszewski ","X-Mailer":"b4 0.14.2","X-Developer-Signature":"v=1; a=openpgp-sha256; l=1103;\n i=bartosz.golaszewski@oss.qualcomm.com; h=from:subject:message-id;\n bh=LFAus8JvuYHpPvm6jVrQiYCWjVymPkski4Us0H8pOTY=;\n b=owEBbQKS/ZANAwAKAQWdLsv/NoTDAcsmYgBp1P24kUvHc9bHtHfVn09Pive6gwRM2FlO8PYCt\n hsmL3OzLkKJAjMEAAEKAB0WIQSR5RMt5bVGHXuiZfwFnS7L/zaEwwUCadT9uAAKCRAFnS7L/zaE\n wwT3D/40KS0c5oobU/xamNCgZn7rGeNrHFOqrtDNbciGwB/oKSjWS392el9UZg7pET+Rgi6cccU\n UZzmO+an74oaoGn4a8+uVk/nT5IRKRLyNXmldfvk1ypnjL66FLgHJBZJmiVpL5Q5iGxvcHtQ1DQ\n OBetRnDG9p7S85n6oWalvo+KgNjxH/cj6EDPkStHz6eF1JHXr3WxvOaVLFdshECtSf87HJg3nj0\n toD2edFd/BrJRemDfXTix5NzWSfr1tVcugiPzQurNntPKM2+kB9xVRxH20DVlAkw8JeKl3P6jtN\n FeVA6UZy7NLqnJ+hwXNiVJ6HWfBPZLwcsHsir0G3MB1IW2rGLdq98XqeG4H1Xow4hfnjUfbMiMY\n 5wpldJbSVbfkPDHlNZldnLBVmB/vFUu4jf3VGLtbXnxW0rn8GH1yrcWCLDPe47JBwPrVnSuVAih\n LV3WeQHkmyNsVVk54Ril6JutxU2SioseFiFFYveu6FYDQ42QH6Vp4uB/FCzXUgyt7fGVIxOf9iM\n 9EHBn6DERfFlLPezlPJ2gfqhPxeSlESxNuKAXwX1BjAhSonMNAkIAQsiAA/xNjVG665J5AuVmL4\n ZboSQzS/AGWhd8ksAVimhF5Um++Zhh4R0eiLsC86E8HkKZ6mTemR7u/zOTd0rqsDF5ZSkSEd9Mq\n xE8fYsOeFvnmtkA==","X-Developer-Key":"i=bartosz.golaszewski@oss.qualcomm.com; a=openpgp;\n fpr=169DEB6C0BC3C46013D2C79F11A72EA01471D772","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDA3MDEyMCBTYWx0ZWRfX67QcOr73hcCD\n 2TGzhoXE9EbQxlNCRfnpGVyvUNOTBtVyvAt8wrZbfG9/0EzUYHjKhDoSzXE3XRznsguwL/qvj+q\n kH/CkiURlcDmYbVpUfBncbRusiSzfTBYBCEKtQ5SnIE9MVH5O7477VOSwxc+vJuBdk6Difv3Ihv\n /21I7IpHttJDFJXapBIGGj7lAIBCgIS1E8OvdII3PLagB/TcraC3F6JKmg3t18sHi/ZVNOWEpkd\n 7dR9KhGFRLuP+tAqFo8dppgLgALrpaYZOXUeD0NXbuk38REmbAwGS70VSMs8bAKUwX6iKJ10gCf\n PPgqfNJ96ht8B3AF3OaCKeJmLLl4weBQd1aMiqwP1CsgoB1rLp0UT06C2YDJrIeZmpKKktjwyHn\n lvTZH/zhm3Ob0sJw9VI+Nyz2Bt2CqAF1NxP2Zf1JVzo+KI5G7H1axeogjeFlRXhbLQoKCYmdWVp\n vI0xRA3rLSIh9SHztww==","X-Proofpoint-GUID":"Tmwo_rvTvYiflluerKEmNiwwywrmDT4o","X-Proofpoint-ORIG-GUID":"Tmwo_rvTvYiflluerKEmNiwwywrmDT4o","X-Authority-Analysis":"v=2.4 cv=LquiDHdc c=1 sm=1 tr=0 ts=69d4fdc9 cx=c_pps\n a=EVbN6Ke/fEF3bsl7X48z0g==:117 a=Nn2DPWRt7RAnnKtp:21 a=xqWC_Br6kY4A:10\n a=IkcTkHD0fZMA:10 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10\n a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=3WHJM1ZQz_JShphwDgj5:22\n a=EUspDBNiAAAA:8 a=AJEIOyoIwW-J_MfQ9_EA:9 a=QEXdDO2ut3YA:10\n a=a_PwQJl-kcHnX1M80qC6:22","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-07_02,2026-04-07_02,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n lowpriorityscore=0 priorityscore=1501 adultscore=0 phishscore=0\n impostorscore=0 spamscore=0 suspectscore=0 clxscore=1015 bulkscore=0\n malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc=\n route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2604010000\n definitions=main-2604070120"},"content":"gpiod_line_request_from_uapi() initializes a line request from the kernel\nioctl() response but trusts that num_lines in struct gpio_v2_line_request\nwill not be greater than 64. If the kernel or a malicious kernel module\nreturns num_lines > 64, the memcpy() overflows the fixed-size offsets\narray. Add a local check in the library.\n\nFixes: b7ba732e6a93 (\"treewide: libgpiod v2 implementation\")\nReported-by: 4fqr <4fqr@proton.me>\nSigned-off-by: Bartosz Golaszewski \n---\n lib/line-request.c | 5 +++++\n 1 file changed, 5 insertions(+)","diff":"diff --git a/lib/line-request.c b/lib/line-request.c\nindex b76b3d72b79ffe60be0dd2fdf28c6e7de35f77d7..2d41d96aeffed731b5039565672ebf894317a2a7 100644\n--- a/lib/line-request.c\n+++ b/lib/line-request.c\n@@ -24,6 +24,11 @@ gpiod_line_request_from_uapi(struct gpio_v2_line_request *uapi_req,\n {\n \tstruct gpiod_line_request *request;\n \n+\tif (uapi_req->num_lines > GPIO_V2_LINES_MAX) {\n+\t\terrno = EINVAL;\n+\t\treturn NULL;\n+\t}\n+\n \trequest = malloc(sizeof(*request));\n \tif (!request)\n \t\treturn NULL;\n","prefixes":["libgpiod","06/14"]}