On Fri, Jul 12, 2024 at 11:51:06AM +0200, Richard Weinberger wrote:
> On Friday, 12 July 2024, 11:46:08 CEST, 'Heinrich Schuchardt' via upstream wrote:
> > On 12 July 2024 10:24:54 MESZ, Richard Weinberger <[email protected]> wrote:
> > >Make sure that tm_mday and tm_mon are within the expected
> > >range. Upper layers such as rtc_calc_weekday() will use
> > >them as lookup keys for arrays and this can cause out of
> > >bounds memory accesses.
> >
> > rtc_calc_weekday() might receive invalid input from other sources.
> > Shouldn't the function always validate its input before array access?
>
> It depends on the overall design.
> Functions like strlen() also assume that you provide a valid string,
> so rtc_calc_weekday() can assume too that the passed rtc_time structure
> contains valid data.
>
> In doubt, let's fix both FAT and rtc_calc_weekday().
Well, we care about size growth when at all possible. So what if we don't
sanity check in each FS, but just in rtc_calc_weekday() and make sure
callers handle errors?

-- 
Tom
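As an added illustration of the approach Tom proposes (validate once in the weekday helper and return an error the caller must handle), here is a stand-alone C sketch. It is example code written for this thread, not U-Boot's rtc_calc_weekday() or its FAT driver; the struct name ex_rtc_time, the helper names and the field conventions (tm_mon 1..12, tm_mday 1..31, tm_wday 0 = Sunday) are assumptions made for the example. The month-offset table is the kind of array that an unchecked tm_mon of 0 or 13 would index out of bounds.

```c
#include <errno.h>
#include <stdio.h>

/* Added example, not U-Boot code. Minimal stand-in for the rtc_time fields
 * under discussion (assumed conventions: tm_mon 1..12, tm_mday 1..31). */
struct ex_rtc_time {
    int tm_year;  /* full year, e.g. 2024 */
    int tm_mon;   /* 1..12 */
    int tm_mday;  /* 1..31 */
    int tm_wday;  /* 0 = Sunday .. 6 = Saturday, filled in on success */
};

/* Sakamoto's day-of-week algorithm: a 12-entry month offset table indexed
 * by tm_mon - 1. Without the range check below, tm_mon == 0 reads one
 * element before the table and tm_mon == 13 reads one element past it. */
static const int month_offset[12] = { 0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4 };

static int ex_days_in_month(int year, int mon)
{
    static const int d[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;

    return d[mon - 1] + (mon == 2 && leap);
}

/* Validates tm_mon and tm_mday before touching any table and returns
 * -EINVAL so the caller can reject the record instead of using garbage. */
int ex_rtc_calc_weekday(struct ex_rtc_time *tm)
{
    int y, m;

    if (tm->tm_mon < 1 || tm->tm_mon > 12)
        return -EINVAL;
    if (tm->tm_mday < 1 ||
        tm->tm_mday > ex_days_in_month(tm->tm_year, tm->tm_mon))
        return -EINVAL;

    y = tm->tm_year;
    m = tm->tm_mon;
    if (m < 3)
        y--;
    tm->tm_wday = (y + y / 4 - y / 100 + y / 400 +
                   month_offset[m - 1] + tm->tm_mday) % 7;
    return 0;
}

/* Caller side: a hypothetical filesystem timestamp decoder that propagates
 * the error rather than storing a bogus weekday. Returns the weekday on
 * success or the negative errno from the helper. */
int ex_weekday_of(int year, int mon, int mday)
{
    struct ex_rtc_time tm = { .tm_year = year, .tm_mon = mon, .tm_mday = mday };
    int ret = ex_rtc_calc_weekday(&tm);

    if (ret)
        return ret;
    return tm.tm_wday;
}

int main(void)
{
    /* Constructed inputs: one valid date (the date of this thread) and
     * two out-of-range month values as a corrupt FAT entry might carry. */
    printf("2024-07-12 -> %d\n", ex_weekday_of(2024, 7, 12));   /* 5 = Friday */
    printf("month 0    -> %d\n", ex_weekday_of(2024, 0, 12));   /* -EINVAL */
    printf("month 13   -> %d\n", ex_weekday_of(2024, 13, 1));   /* -EINVAL */
    printf("2023-02-29 -> %d\n", ex_weekday_of(2023, 2, 29));   /* -EINVAL */
    return 0;
}
```

The point of the split is that the bounds check lives in exactly one place, so each filesystem or RTC driver only has to test the return value; a driver that ignores it still cannot cause an out-of-bounds read, only a missing weekday.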

