Re: [PATCH next] ACPI: APEI: EINJ: prevent memory corruption in error_type_set()

From: Ira Weiny
Date: Wed Jun 25 2025 - 17:20:06 EST

Next message: Danilo Krummrich: "Re: [PATCH v3 2/2] rust: support align and NUMA id in allocations"
Previous message: Nicolin Chen: "Re: [PATCH v6 13/25] iommufd: Add mmap interface"
In reply to: Dan Carpenter: "[PATCH next] ACPI: APEI: EINJ: prevent memory corruption in error_type_set()"
Next in thread: Rafael J. Wysocki: "Re: [PATCH next] ACPI: APEI: EINJ: prevent memory corruption in error_type_set()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan Carpenter wrote:
> The "einj_buf" buffer is 32 chars. If "count" is larger than that it
> results in memory corruption. Cap it at 31 so that we leave the last
> character as a NUL terminator. By the way, the highest reasonable value
> for "count" is 24.
>
> Fixes: 0c6176e1e186 ("ACPI: APEI: EINJ: Enable the discovery of EINJv2 capabilities")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Reviewed-by: Ira Weiny <ira.weiny@xxxxxxxxx>

[snip]

Next message: Danilo Krummrich: "Re: [PATCH v3 2/2] rust: support align and NUMA id in allocations"
Previous message: Nicolin Chen: "Re: [PATCH v6 13/25] iommufd: Add mmap interface"
In reply to: Dan Carpenter: "[PATCH next] ACPI: APEI: EINJ: prevent memory corruption in error_type_set()"
Next in thread: Rafael J. Wysocki: "Re: [PATCH next] ACPI: APEI: EINJ: prevent memory corruption in error_type_set()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]