On Thu, 18 Jan 2024 15:52:49 +0800, Fullway Wang wrote:
> In wcd934x_codec_enable_dec(), kstrndup() is used to alloc memory.
> However, kmemdup_nul() should be used instead with the size known.
>
> This is similar to CVE-2019-12454 which was fixed in commit
> a549881.
>
>
> [...]
Applied to
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next
Thanks!
[1/1] sound: soc: wcd934x: fix an incorrect use of kstrndup()
commit: eeab239d6a2418fc5d2cd7ea76187085a97acde0
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark
On 1/30/2024 4:43 PM, Mark Brown wrote:
> On Thu, 18 Jan 2024 15:52:49 +0800, Fullway Wang wrote:
>> In wcd934x_codec_enable_dec(), kstrndup() is used to alloc memory.
>> However, kmemdup_nul() should be used instead with the size known.
>>
>> This is similar to CVE-2019-12454 which was fixed in commit
>> a549881.
>>
>>
>> [...]
>
> Applied to
>
> https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next
>
> Thanks!
>
Hi,
Mark, my other comment was meant to stop this patch from being applied
;), perhaps I could have been more clear? kmemdup_nul() in this case
will copy bytes behind the end of widget name when copying. Widgets to
which it applies are named: "ADX MUX0", "ADC MUX1" and so on, until "ADC
MUX 8", which is 10 bytes including '\0', and kmemdup_nul() will copy 15
using memcpy().
On Thu, Feb 01, 2024 at 10:04:23AM +0100, Amadeusz Sławiński wrote:
> Mark, my other comment was meant to stop this patch from being applied ;),
> perhaps I could have been more clear? kmemdup_nul() in this case will copy
Your comment appeared to be a complaint about the existing code being
bad which sure but not a blocker to a minor fix.