diff options
author | Geert Uytterhoeven <geert+renesas@glider.be> | 2016-09-09 09:02:51 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-10-28 03:45:18 -0400 |
commit | 19db6eeffcb6784a24374e410c64188a21455ec2 (patch) | |
tree | 486ddaa675e3a545aeb4db2e6953453ed60a9d0c /tools | |
parent | e4211e4685efd982531f6f5989228ff144114fb2 (diff) |
spi: spidev_test: Fix buffer overflow in unescape()
commit 0278b34bf15f8d8a609595b15909cd8622dd64ca upstream.
Sometimes spidev_test crashes with:
*** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 ***
Aborted
or just
Segmentation fault
This is due to transfer_escaped_string() miscalculating the required
size of the buffer by one byte, causing a buffer overflow in unescape().
Drop the bogus "+ 1" in the strlen() parameter to fix this.
Note that unescape() never copies the zero-terminator of the source
string, so it writes at most as many bytes as the length of the source
string.
Fixes: 30061915be6e3a2c (spi: spidev_test: Added input buffer from the terminal)
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/spi/spidev_test.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/spi/spidev_test.c b/tools/spi/spidev_test.c index 8a73d8185316..f3825b676e38 100644 --- a/tools/spi/spidev_test.c +++ b/tools/spi/spidev_test.c @@ -284,7 +284,7 @@ static void parse_opts(int argc, char *argv[]) static void transfer_escaped_string(int fd, char *str) { - size_t size = strlen(str + 1); + size_t size = strlen(str); uint8_t *tx; uint8_t *rx; |