From: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Date: Tue, 5 Sep 2023 09:59:14 +0000 (+0800)
Subject: kconfig: fix possible buffer overflow
X-Git-Tag: v6.6.7~1969^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a3b7039bb2b22fcd2ad20d59c00ed4e606ce3754;p=platform%2Fkernel%2Flinux-starfive.git

kconfig: fix possible buffer overflow

Buffer 'new_argv' is accessed without bound check after accessing with
bound check via 'new_argc' index.

Fixes: e298f3b49def ("kconfig: add built-in function support")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

diff --git a/scripts/kconfig/preprocess.c b/scripts/kconfig/preprocess.c
index 748da57..d1f5bcf 100644
--- a/scripts/kconfig/preprocess.c
+++ b/scripts/kconfig/preprocess.c
@@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[])
 
 		p++;
 	}
+
+	if (new_argc >= FUNCTION_MAX_ARGS)
+		pperror("too many function arguments");
 	new_argv[new_argc++] = prev;
 
 	/*