Commit 9c590ae7 authored May 28, 2025 by Dan Carpenter Committed by Greg Kroah-Hartman Aug 15, 2025

watchdog: ziirave_wdt: check record length in ziirave_firm_verify()



[ Upstream commit 8b61d8ca ]

The "rec->len" value comes from the firmware.  We generally do
trust firmware, but it's always better to double check.  If
the length value is too large it would lead to memory corruption
when we set "data[i] = ret;"

Fixes: 217209db ("watchdog: ziirave_wdt: Add support to upload the firmware.")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/3b58b453f0faa8b968c90523f52c11908b56c346.1748463049.git.dan.carpenter@linaro.org


Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent a23fa17e

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit f192dc50
· Nov 05, 2025

mentioned in commit f192dc50

mentioned in commit f192dc50530d26d06e0346edf64309124a5c6fa5

Toggle commit list

Please to comment