Fixed integer overflow in iwl_write_to_user_buf (Linux Wireless)


On Wed, Jun 15, 2022 at 09:06:51AM +0200, Johannes Berg wrote:
> On Tue, 2022-06-14 at 10:33 -0700, Hyunwoo Kim wrote:
> > An integer overflow occurs in the iwl_write_to_user_buf() function,
> >    which is called by the iwl_dbgfs_monitor_data_read() function.
> > 
> 
> Out of curiosity, how did you find this?

I found it while analyzing several device drivers as a personal hobby.


I also want to ask you one question.
While analyzing several device drivers, I found several such integer overflow 
or race condition problems, and made and submitted a patch.

https://marc.info/?l=linux-fbdev&m=165497564701256&w=2
https://www.spinics.net/lists/linux-efi/msg24884.html

However, there is no response whether this patch has been accepted or rejected. 
In this case, do I have to send an email to the higher level maintainer? Or do I have to wait?

Thanks,
Hyunwoo Kim




Read more here: Source link