The return value of strrchr() could be NULL, which will cause invalid
offset in (int)(p - name). So we check it here.
Signed-off-by: Li Zhong <[email protected]>
---
drivers/base/auxiliary.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/base/auxiliary.c b/drivers/base/auxiliary.c
index 8c5e65930617..2ec0306bfba3 100644
--- a/drivers/base/auxiliary.c
+++ b/drivers/base/auxiliary.c
@@ -191,6 +191,8 @@ static int auxiliary_uevent(struct device *dev, struct kobj_uevent_env *env)
name = dev_name(dev);
p = strrchr(name, '.');
+ if (!p)
+ return -EINVAL;
return add_uevent_var(env, "MODALIAS=%s%.*s", AUXILIARY_MODULE_PREFIX,
(int)(p - name), name);
--
2.25.1
On Sat, Sep 03, 2022 at 05:51:56PM -0700, Li Zhong wrote:
> The return value of strrchr() could be NULL, which will cause invalid
> offset in (int)(p - name). So we check it here.
>
> Signed-off-by: Li Zhong <[email protected]>
> ---
> drivers/base/auxiliary.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/base/auxiliary.c b/drivers/base/auxiliary.c
> index 8c5e65930617..2ec0306bfba3 100644
> --- a/drivers/base/auxiliary.c
> +++ b/drivers/base/auxiliary.c
> @@ -191,6 +191,8 @@ static int auxiliary_uevent(struct device *dev, struct kobj_uevent_env *env)
>
> name = dev_name(dev);
> p = strrchr(name, '.');
> + if (!p)
> + return -EINVAL;
How can that ever happen? For what device will that be triggered?
And again, please follow Documentation/process/researcher-guidelines.rst