From: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
To: Linus Walleij <linusw@kernel.org>,
Bartosz Golaszewski <brgl@kernel.org>,
Kent Gibson <warthog618@gmail.com>, 4fqr <4fqr@proton.me>,
Vincent Fazio <vfazio@xes-inc.com>
Cc: linux-gpio@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Subject: [PATCH libgpiod 03/14] core: fix 1-byte buffer over-read bugs in gpiod_chip_info_from_uapi()
Date: Tue, 07 Apr 2026 14:49:54 +0200 [thread overview]
Message-ID: <20260407-treewide-fixes-v1-3-66c9744a56a3@oss.qualcomm.com> (raw)
In-Reply-To: <20260407-treewide-fixes-v1-0-66c9744a56a3@oss.qualcomm.com>
The copy in gpiod_chip_info_from_uapi() uses sizeof(info->name) = 33 as
the strncpy length while it should read at most GPIO_MAX_NAME_SIZE = 32.
Same for info->label. 33 is the size of the target buffer where we
allocate an additional byte for the NULL-terminator. Limit the number of
read bytes to the correct value.
Fixes: b7ba732e6a93 ("treewide: libgpiod v2 implementation")
Reported-by: 4fqr <4fqr@proton.me>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
---
lib/chip-info.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/chip-info.c b/lib/chip-info.c
index 2d9f44d1778e29fda05cf7cf7fa5d67d979d58fd..6b55197f96b78ea66559394e4e788c4263ede5a0 100644
--- a/lib/chip-info.c
+++ b/lib/chip-info.c
@@ -57,7 +57,7 @@ gpiod_chip_info_from_uapi(struct gpiochip_info *uapi_info)
* GPIO device must have a name - don't bother checking this field. In
* the worst case (would have to be a weird kernel bug) it'll be empty.
*/
- strncpy(info->name, uapi_info->name, sizeof(info->name));
+ strncpy(info->name, uapi_info->name, GPIO_MAX_NAME_SIZE);
/*
* The kernel sets the label of a GPIO device to "unknown" if it
@@ -65,9 +65,9 @@ gpiod_chip_info_from_uapi(struct gpiochip_info *uapi_info)
* we got an empty string, do the same.
*/
if (uapi_info->label[0] == '\0')
- strncpy(info->label, "unknown", sizeof(info->label));
+ strncpy(info->label, "unknown", GPIO_MAX_NAME_SIZE);
else
- strncpy(info->label, uapi_info->label, sizeof(info->label));
+ strncpy(info->label, uapi_info->label, GPIO_MAX_NAME_SIZE);
return info;
}
--
2.47.3
next prev parent reply other threads:[~2026-04-07 12:51 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 12:49 [PATCH libgpiod 00/14] libgpiod: assortment of fixes Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 01/14] bindings: python: fix heap-buffer overflow bugs on setting/getting values Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 02/14] bindings: python: remove duplicated edge detection setting Bartosz Golaszewski
2026-04-07 12:49 ` Bartosz Golaszewski [this message]
2026-04-07 12:49 ` [PATCH libgpiod 04/14] core: fix parameter type in gpiod_line_mask_test_bit() Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 05/14] core: store debounce_period_us with correct type Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 06/14] core: check the value of num_lines returned by the kernel Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 07/14] tools: reject "u" as period unit specifier Bartosz Golaszewski
2026-04-07 12:49 ` [PATCH libgpiod 08/14] tools: fix an integer overflow bug in parse_period() Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 09/14] tools: gpionotify: fix memory leak on every event read Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 10/14] tools: gpionotify: add the missing return value check for calloc() Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 11/14] tools: gpionotify: free pollfds on exit() Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 12/14] tools: gpionotify: don't leak info returned by gpiod_chip_watch_line_info() Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 13/14] tools: gpioinfo: use correct function to free the resolver Bartosz Golaszewski
2026-04-07 12:50 ` [PATCH libgpiod 14/14] dbus: manager: use the correct loop counter in error path Bartosz Golaszewski
2026-04-08 11:45 ` [PATCH libgpiod 00/14] libgpiod: assortment of fixes Vincent Fazio
2026-04-08 16:03 ` Vincent Fazio
2026-04-08 16:20 ` 4fqr
2026-04-09 7:32 ` Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260407-treewide-fixes-v1-3-66c9744a56a3@oss.qualcomm.com \
--to=bartosz.golaszewski@oss.qualcomm.com \
--cc=4fqr@proton.me \
--cc=brgl@kernel.org \
--cc=linusw@kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=vfazio@xes-inc.com \
--cc=warthog618@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).