49d736313d
In function size_from_channelarray(), the return value 'bytes' is defined as int type. However, the calcution of 'bytes' in this function is designed to use the unsigned int type. So it is necessary to change 'bytes' type to unsigned int to avoid integer overflow. The size_from_channelarray() is called in main() function, its return value is directly multipled by 'buf_len' and then used as the malloc() parameter. The 'buf_len' is completely controllable by user, thus a multiplication overflow may occur here. This could allocate an unexpected small area. Signed-off-by: Chenyuan Mi <michenyuan@huawei.com> Link: https://lore.kernel.org/r/20230725092407.62545-1-michenyuan@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> |
||
---|---|---|
.. | ||
.gitignore | ||
Build | ||
iio_event_monitor.c | ||
iio_generic_buffer.c | ||
iio_utils.c | ||
iio_utils.h | ||
lsiio.c | ||
Makefile |