[PATCH] ARM: setup: NUL-terminate the fpe= emulator type

Next message: Vasileios Almpanis: "Re: [PATCH 1/2] net: fix skb_ext_total_length() BUILD_BUG_ON with CONFIG_GCOV_PROFILE_ALL"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/2] dt-bindings: hwmon/pmbus: Add Infineon XDP720"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pengpeng Hou

Date: Thu Apr 02 2026 - 10:15:22 EST

fpe_setup() copies the boot-time fpe= value into fpe_type[8] with a
raw 8-byte memcpy(). The NWFPE path later checks that value with
strcmp() to decide whether to install the emulator.

If the command line provides an 8-byte fpe= value, fpe_type is left
without a trailing NUL and strcmp() reads past the end of the array.

Store the option with strscpy() and leave room for the terminator.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
---
arch/arm/kernel/setup.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 0bfd66c7ada0..815a53a8584d 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -24,6 +24,7 @@
#include <linux/interrupt.h>
#include <linux/smp.h>
#include <linux/proc_fs.h>
+#include <linux/string.h>
#include <linux/memblock.h>
#include <linux/bug.h>
#include <linux/compiler.h>
@@ -65,11 +66,11 @@

#if defined(CONFIG_FPE_NWFPE) || defined(CONFIG_FPE_FASTFPE)
-char fpe_type[8];
+char fpe_type[9];

static int __init fpe_setup(char *line)
{
- memcpy(fpe_type, line, 8);
+ strscpy(fpe_type, line, sizeof(fpe_type));
return 1;
}

--
2.50.1 (Apple Git-155)