Skip to content

Commit

Permalink
kconfig: fix possible buffer overflow
Browse files Browse the repository at this point in the history 
[ Upstream commit a3b7039 ]

Buffer 'new_argv' is accessed without bound check after accessing with
bound check via 'new_argc' index.

Fixes: e298f3b ("kconfig: add built-in function support")
Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@BoardzMaster @gregkh
BoardzMaster authored and gregkh committed Sep 19, 2023
1 parent 39c29d0 commit 8ab5942
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions scripts/kconfig/preprocess.c
View file
Expand Up @@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[])

p++;
}

if (new_argc >= FUNCTION_MAX_ARGS)
pperror("too many function arguments");
new_argv[new_argc++] = prev;

/*
Expand Down

0 comments on commit 8ab5942

Please sign in to comment.