mirror of https://github.com/torvalds/linux.git
synced 2024-12-14 07:02:23 +00:00
d24b03535e
syzbot reported the following uninit-value access issue [1][2]:

nci_rx_work() parses and processes received packets. When the payload
length is zero, each message type handler reads uninitialized payload
and KMSAN detects this issue. The receipt of a packet with a zero-size
payload is considered unexpected, and therefore, such packets should be
silently discarded.

This patch resolved this issue by checking the payload size before calling
each message type handler.

Fixes:

| Name |
|---|
| .. |
| core.c |
| data.c |
| hci.c |
| Kconfig |
| lib.c |
| Makefile |
| ntf.c |
| rsp.c |
| spi.c |
| uart.c |