author | Tom Rini <trini@konsulko.com> | 2022-04-29 11:25:06 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-04-29 11:25:06 -0400 |
commit | f7bd9e4936b6e36c2443b9b2ef761e7593511521 (patch) | |
tree | f830de0295223e3d938244e60e80a89cdc7f3e91 /drivers/usb/emul/sandbox_flash.c | |
parent | e95afa56753cebcd20a5114b6d121f281b789006 (diff) | |
parent | d69616e529560ace8cdf40bda91464a88c7ff43a (diff) |
Merge branch '2022-04-29-fuzzing-and-asan-fixes'
To quote the author:
I've been experimenting with ASAN on sandbox and turned up a few issues
that are fixed in this series.
Basic ASAN was easy to turn on, but integrating with dlmalloc was
messier and fairly intrusive. Even when I had it working, there was only
a small redzone between allocations which limits the usefulness.
I saw another series on the list by Sean Anderson to enable valgrind
which was finding a different set of issues, though there was one
overlap that Sean is fixing with
"[PATCH] IOMUX: Fix access past end of console_devices".
With these issues fixed, I was able to run the dm tests without any ASAN
issues. There are a couple of leaks reported at the end, but that's for
another day.
Diffstat (limited to 'drivers/usb/emul/sandbox_flash.c')
-rw-r--r-- | drivers/usb/emul/sandbox_flash.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/usb/emul/sandbox_flash.c b/drivers/usb/emul/sandbox_flash.c index edabc1b3a7a..cc80f671337 100644 --- a/drivers/usb/emul/sandbox_flash.c +++ b/drivers/usb/emul/sandbox_flash.c @@ -345,6 +345,8 @@ static int sandbox_flash_bulk(struct udevice *dev, struct usb_device *udev, } else { if (priv->alloc_len && len > priv->alloc_len) len = priv->alloc_len; + if (len > sizeof(priv->buff)) + len = sizeof(priv->buff); memcpy(buff, priv->buff, len); priv->phase = PHASE_STATUS; } |
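Review bot: The new `len > sizeof(priv->buff)` clamp just before `memcpy(buff, priv->buff, len)` truncates silently, so a request longer than the emulated buffer gets a short copy with nothing to indicate it. A one-line comment would help here: when `priv->alloc_len` is zero the first check is skipped entirely, and nothing in this hunk shows `priv->alloc_len` itself bounded by `sizeof(priv->buff)`, so this clamp is what keeps the read inside `priv->buff`. A debug message on truncation would make it easier to spot when a test trips it, and the two checks could be folded into a single `min()` expression. Also note that this bounds only the source side; the hunk does not show `len` being checked against the size of the destination `buff`, which is worth confirming in the caller.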