projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 39c29d0)
kconfig: fix possible buffer overflow
authorKonstantin Meskhidze <konstantin.meskhidze@huawei.com>
Tue, 5 Sep 2023 09:59:14 +0000 (17:59 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 19 Sep 2023 10:27:59 +0000 (12:27 +0200)
[ Upstream commit a3b7039bb2b22fcd2ad20d59c00ed4e606ce3754 ]

Buffer 'new_argv' is accessed without bound check after accessing with
bound check via 'new_argc' index.

Fixes: e298f3b49def ("kconfig: add built-in function support")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
scripts/kconfig/preprocess.c patch | blob | history

diff --git a/scripts/kconfig/preprocess.c b/scripts/kconfig/preprocess.c
index 748da57..d1f5bcf 100644 (file)
--- a/scripts/kconfig/preprocess.c
+++ b/scripts/kconfig/preprocess.c
@@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[])
 
                p++;
        }
+
+       if (new_argc >= FUNCTION_MAX_ARGS)
+               pperror("too many function arguments");
        new_argv[new_argc++] = prev;
 
        /*
Domain: System / Kernel;