Re: [PATCH v5] w1: therm: Fix off-by-one buffer overflow in alarms_store

18 Dec 2025


      On Tue, 16 Dec 2025 15:50:03 +0100, Thorsten Blum wrote:
...
The sysfs buffer passed to alarms_store() is allocated with 'size + 1'
bytes and a NUL terminator is appended. However, the 'size' argument
does not account for this extra byte. The original code then allocated
'size' bytes and used strcpy() to copy 'buf', which always writes one
byte past the allocated buffer since strcpy() copies until the NUL
terminator at index 'size'.
[...]
Applied, thanks!
[1/1] w1: therm: Fix off-by-one buffer overflow in alarms_store
      https://git.kernel.org/krzk/linux-w1/c/761fcf46a1bd797bd32d23f3ea0141ffd4376...
Best regards,
-- 
Krzysztof Kozlowski krzk@kernel.org

2025

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH v5] w1: therm: Fix off-by-one buffer overflow in alarms_store