linux/drivers/mtd
Richard Genoud 36de807400 mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user
When calculating the size needed by struct atmel_pmecc_user *user,
the dmu and delta buffer sizes were forgotten.
This lead to a memory corruption (especially with a large ecc_strength).

Link: http://lkml.kernel.org/r/1506503157.3016.5.camel@gmail.com
Fixes: f88fc122cc ("mtd: nand: Cleanup/rework the atmel_nand driver")
Cc: stable@vger.kernel.org
Reported-by: Richard Genoud <richard.genoud@gmail.com>
Pointed-at-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Reviewed-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
2017-09-27 17:33:28 +02:00
..
chips mtd: cfi_cmdset_0020: Drop unnecessary static 2017-05-11 11:49:20 -07:00
devices This pull request contains the following core changes: 2017-09-01 15:34:30 +02:00
lpddr mtd: lpddr: show parent device in sysfs 2015-10-13 09:21:17 -07:00
maps Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2017-09-15 20:43:33 -07:00
nand mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user 2017-09-27 17:33:28 +02:00
onenand mtd: silence some uninitialized variable warnings 2016-07-09 18:14:39 -07:00
parsers mtd: parsers: trx: fix pr_err format for printing offset 2017-06-23 10:47:54 -07:00
spi-nor mtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp() 2017-09-18 09:53:27 +02:00
tests mtd: nand: Rename nand.h into rawnand.h 2017-08-13 10:11:49 +02:00
ubi UBI: Fix two typos in comments 2017-09-13 22:05:30 +02:00
afs.c mtd: partitions: make parsers return 'const' partition arrays 2015-12-09 10:21:57 -08:00
ar7part.c mtd: partitions: make parsers return 'const' partition arrays 2015-12-09 10:21:57 -08:00
bcm47xxpart.c mtd: extract TRX parser out of bcm47xxpart into a separated module 2017-06-22 13:13:10 -07:00
bcm63xxpart.c mtd: bcm63xxpart: give width specifier an 'int', not 'size_t' 2016-03-07 13:13:58 -08:00
cmdlinepart.c mtd: partitions: make parsers return 'const' partition arrays 2015-12-09 10:21:57 -08:00
ftl.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
inftlcore.c mtd: nand: Rename nand.h into rawnand.h 2017-08-13 10:11:49 +02:00
inftlmount.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Kconfig mtd: extract TRX parser out of bcm47xxpart into a separated module 2017-06-22 13:13:10 -07:00
Makefile mtd: extract TRX parser out of bcm47xxpart into a separated module 2017-06-22 13:13:10 -07:00
mtd_blkdevs.c mtd: blkdevs: Fix mtd block write failure 2017-08-12 14:53:24 -07:00
mtdblock_ro.c
mtdblock.c mtd: mtdblock: remove the needless mtdblks_lock 2015-01-07 12:51:56 -08:00
mtdchar.c mtd: Fix typo: "occured" -> "occurred" 2017-02-08 14:24:57 -08:00
mtdconcat.c mtd: create an mtd_ooblayout_ops struct to ease ECC layout definition 2016-04-19 22:05:55 +02:00
mtdcore.c mtd: make device_type const 2017-08-21 14:33:50 +02:00
mtdcore.h mtd: partitions: support a cleanup callback for parsers 2015-12-09 14:57:44 -08:00
mtdoops.c
mtdpart.c mtd: Fix partition alignment check on multi-erasesize devices 2017-09-27 13:53:20 +02:00
mtdsuper.c fs: Remove SB_I_DYNBDI flag 2017-04-20 12:09:55 -06:00
mtdswap.c mtd: mtdswap: remove unused variables 'dev' and 'gd' 2017-07-24 17:04:33 -07:00
nftlcore.c mtd: nand: Rename nand.h into rawnand.h 2017-08-13 10:11:49 +02:00
nftlmount.c mtd: nand: Rename nand.h into rawnand.h 2017-08-13 10:11:49 +02:00
ofpart.c mtd: Convert to using %pOF instead of full_name 2017-08-15 14:00:43 +02:00
redboot.c mtd: partitions: make parsers return 'const' partition arrays 2015-12-09 10:21:57 -08:00
rfd_ftl.c
sm_ftl.c treewide: Fix typos in printk 2016-04-18 11:23:24 +02:00
sm_ftl.h
ssfdc.c mtd: nand: Rename nand.h into rawnand.h 2017-08-13 10:11:49 +02:00