Re: [PATCH] pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
Dan Carpenter <dan.carpenter@...>
On Mon, Jun 20, 2022 at 07:00:10AM -0700, Hyunwoo Kim wrote:
In pxa3xx_gcu_write, a count parameter ofThe count variable is actually capped at MAX_RW_COUNT in vfs_write()
so "words" cannot be negative. This patch helps clean up the code but
it does not affect run time.
This is CVE-2022-39842.
PS: The other relavant code for people looking for integer overflows in
read/write functions is in rw_verify_area(). That function prevents a
lot of suspicious looking driver code from being exploitable.