summaryrefslogtreecommitdiffstats
path: root/tools/spi
diff options
context:
space:
mode:
authorGeert Uytterhoeven <geert+renesas@glider.be>2016-09-09 09:02:51 +0200
committerMark Brown <broonie@kernel.org>2016-09-14 16:22:43 +0100
commit0278b34bf15f8d8a609595b15909cd8622dd64ca (patch)
tree9fc3af0ff0d3401ea0d65e0b69e55b6fafd4aa08 /tools/spi
parent29b4817d4018df78086157ea3a55c1d9424a7cfc (diff)
downloadlinux-0278b34bf15f8d8a609595b15909cd8622dd64ca.tar.gz
linux-0278b34bf15f8d8a609595b15909cd8622dd64ca.tar.bz2
linux-0278b34bf15f8d8a609595b15909cd8622dd64ca.zip
spi: spidev_test: Fix buffer overflow in unescape()
Sometimes spidev_test crashes with: *** Error in `spidev_test': munmap_chunk(): invalid pointer: 0x00022020 *** Aborted or just Segmentation fault This is due to transfer_escaped_string() miscalculating the required size of the buffer by one byte, causing a buffer overflow in unescape(). Drop the bogus "+ 1" in the strlen() parameter to fix this. Note that unescape() never copies the zero-terminator of the source string, so it writes at most as many bytes as the length of the source string. Fixes: 30061915be6e3a2c (spi: spidev_test: Added input buffer from the terminal) Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Mark Brown <broonie@kernel.org> Cc: <stable@vger.kernel.org> # v4.5+
Diffstat (limited to 'tools/spi')
-rw-r--r--tools/spi/spidev_test.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/spi/spidev_test.c b/tools/spi/spidev_test.c
index 8a73d8185316..f3825b676e38 100644
--- a/tools/spi/spidev_test.c
+++ b/tools/spi/spidev_test.c
@@ -284,7 +284,7 @@ static void parse_opts(int argc, char *argv[])
static void transfer_escaped_string(int fd, char *str)
{
- size_t size = strlen(str + 1);
+ size_t size = strlen(str);
uint8_t *tx;
uint8_t *rx;