Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()

From: Amadeusz Sławiński
Date: Thu Feb 01 2024 - 04:04:36 EST

Next message: Marco Elver: "[PATCH -mm v2] stackdepot: fix -Wstringop-overflow warning"
Previous message: Jiri Slaby: "This is classified as spam [was: [PATCH] tty: fix atomicity violation in n_tty_read]"
Next in thread: Mark Brown: "Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/30/2024 4:43 PM, Mark Brown wrote:

On Thu, 18 Jan 2024 15:52:49 +0800, Fullway Wang wrote:

In wcd934x_codec_enable_dec(), kstrndup() is used to alloc memory.
However, kmemdup_nul() should be used instead with the size known.

This is similar to CVE-2019-12454 which was fixed in commit
a549881.

[...]

Applied to

https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next

Thanks!

Hi,

Mark, my other comment was meant to stop this patch from being applied ;), perhaps I could have been more clear? kmemdup_nul() in this case will copy bytes behind the end of widget name when copying. Widgets to which it applies are named: "ADX MUX0", "ADC MUX1" and so on, until "ADC MUX 8", which is 10 bytes including '\0', and kmemdup_nul() will copy 15 using memcpy().

Next message: Marco Elver: "[PATCH -mm v2] stackdepot: fix -Wstringop-overflow warning"
Previous message: Jiri Slaby: "This is classified as spam [was: [PATCH] tty: fix atomicity violation in n_tty_read]"
Next in thread: Mark Brown: "Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]