tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

platform/x86: dell_rbu: avoid uninit value usage in packet_size_write()

Ensure the temp value has been properly parsed from the user-provided
buffer and initialized to be used in later operations. While at it,
prefer a convenient kstrtoul() helper.

Found by Linux Verification Center (linuxtesting.org) with Svace static
analysis tool.

Fixes: ad6ce87e5bd4 ("[PATCH] dell_rbu: changes in packet update mechanism")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Link: https://patch.msgid.link/20260403134240.604837-1-pchelkin@ispras.ru
[ij: add include]
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>

authored by

Fedor Pchelkin and committed by
Ilpo Järvinen f8fd138c 5969c55e

+5 -1
+5 -1
drivers/platform/x86/dell/dell_rbu.c
··· 30 30 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 31 31 32 32 #include <linux/init.h> 33 + #include <linux/kstrtox.h> 33 34 #include <linux/module.h> 34 35 #include <linux/slab.h> 35 36 #include <linux/string.h> ··· 620 619 char *buffer, loff_t pos, size_t count) 621 620 { 622 621 unsigned long temp; 622 + 623 + if (kstrtoul(buffer, 10, &temp)) 624 + return -EINVAL; 625 + 623 626 spin_lock(&rbu_data.lock); 624 627 packet_empty_list(); 625 - sscanf(buffer, "%lu", &temp); 626 628 if (temp < 0xffffffff) 627 629 rbu_data.packetsize = temp; 628 630