* Fix a stack overflow in lib/bch.c
-----BEGIN PGP SIGNATURE----- iQI5BAABCAAjBQJbwEtmHBxib3Jpcy5icmV6aWxsb25AYm9vdGxpbi5jb20ACgkQ Ze02AX4ItwB9+g/7BGRJ4PkXiDVNI01N/I50oSeAQhfSJPGLOH4uWRLvvAwMMoqJ WmblcUwvllg7E8t9hcMOINuVEhweSAu6YxKBvVbGRKhqnuV13eNyOj8OB4IF+Yk0 RVAYbf1lyyfZGs4PQGwvMG14kM4Y/9ttVnwfewOjBqdJf66MiTeRTX4k7z7GTrYo kpkTSwKUlYi9eEEJB9Mhq9Ib9f2aiIeGWhzX/oZQ5ZIW0u5wkjdYTgIA4xaT1vML m4KiTBRMbDV63BWuJmSDi7YXLvEb9PbZRC2EA5j8VwDmEgWDw3hPuSdayQ06s/1g JjZR7s6+HW8D84i9ecGJOafOS0nuwIkdBJ7aepDkiad87crweWLf9JRxkz11LPbw DRrXIDswh8525fHLSwK9Fzg067fSJye8XrQtwMgZVAG6d+dDkrjzgUAfTo9fTf2j 0pShcwedDmoJrL5ntO0MQKm05RfUKRe7HmiUXX3FiXDdjNyhSM9SReN2dPw9MszP mlwaWZdmg3hd6cvn0aCHvmqbDBxeh1mS3RyEcXxONU+h1NGv3IS0mpLD3vLk7SHm 6Al8+Lpbd92ldEnPLYUrJeBlhJJiwS1amTZf4xxKGWLDFM4pKzWwj9T2vFtVAZAa bXEs8x8CgHbfP/oYBh8sHFjoHGlaF+f6opfp5JuUcHV3GHhUFDVlVQyOBR8= =vdMk -----END PGP SIGNATURE----- Merge tag 'mtd/fixes-for-4.19-rc8' of git://git.infradead.org/linux-mtd Boris writes: "mdt: fix for 4.19-rc8 * Fix a stack overflow in lib/bch.c" * tag 'mtd/fixes-for-4.19-rc8' of git://git.infradead.org/linux-mtd: lib/bch: fix possible stack overrun
This commit is contained in:
Greg Kroah-Hartman
Коммит
a291ab2d40
|
|
@ -119,7 +119,6 @@ obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/
|
|||
obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/
|
||||
obj-$(CONFIG_REED_SOLOMON) += reed_solomon/
|
||||
obj-$(CONFIG_BCH) += bch.o
|
||||
CFLAGS_bch.o := $(call cc-option,-Wframe-larger-than=4500)
|
||||
obj-$(CONFIG_LZO_COMPRESS) += lzo/
|
||||
obj-$(CONFIG_LZO_DECOMPRESS) += lzo/
|
||||
obj-$(CONFIG_LZ4_COMPRESS) += lz4/
|
||||
|
|
|
|||
17
lib/bch.c
17
lib/bch.c
|
|
@ -79,20 +79,19 @@
|
|||
#define GF_T(_p) (CONFIG_BCH_CONST_T)
|
||||
#define GF_N(_p) ((1 << (CONFIG_BCH_CONST_M))-1)
|
||||
#define BCH_MAX_M (CONFIG_BCH_CONST_M)
|
||||
#define BCH_MAX_T (CONFIG_BCH_CONST_T)
|
||||
#else
|
||||
#define GF_M(_p) ((_p)->m)
|
||||
#define GF_T(_p) ((_p)->t)
|
||||
#define GF_N(_p) ((_p)->n)
|
||||
#define BCH_MAX_M 15
|
||||
#define BCH_MAX_M 15 /* 2KB */
|
||||
#define BCH_MAX_T 64 /* 64 bit correction */
|
||||
#endif
|
||||
|
||||
#define BCH_MAX_T (((1 << BCH_MAX_M) - 1) / BCH_MAX_M)
|
||||
|
||||
#define BCH_ECC_WORDS(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 32)
|
||||
#define BCH_ECC_BYTES(_p) DIV_ROUND_UP(GF_M(_p)*GF_T(_p), 8)
|
||||
|
||||
#define BCH_ECC_MAX_WORDS DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 32)
|
||||
#define BCH_ECC_MAX_BYTES DIV_ROUND_UP(BCH_MAX_M * BCH_MAX_T, 8)
|
||||
|
||||
#ifndef dbg
|
||||
#define dbg(_fmt, args...) do {} while (0)
|
||||
|
|
@ -202,6 +201,9 @@ void encode_bch(struct bch_control *bch, const uint8_t *data,
|
|||
const uint32_t * const tab3 = tab2 + 256*(l+1);
|
||||
const uint32_t *pdata, *p0, *p1, *p2, *p3;
|
||||
|
||||
if (WARN_ON(r_bytes > sizeof(r)))
|
||||
return;
|
||||
|
||||
if (ecc) {
|
||||
/* load ecc parity bytes into internal 32-bit buffer */
|
||||
load_ecc8(bch, bch->ecc_buf, ecc);
|
||||
|
|
@ -1285,6 +1287,13 @@ struct bch_control *init_bch(int m, int t, unsigned int prim_poly)
|
|||
*/
|
||||
goto fail;
|
||||
|
||||
if (t > BCH_MAX_T)
|
||||
/*
|
||||
* we can support larger than 64 bits if necessary, at the
|
||||
* cost of higher stack usage.
|
||||
*/
|
||||
goto fail;
|
||||
|
||||
/* sanity checks */
|
||||
if ((t < 1) || (m*t >= ((1 << m)-1)))
|
||||
/* invalid t value */
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче