Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2195443pxf; Sat, 27 Mar 2021 05:08:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz/hCJKUvFVCwglJTRnajGxHOv8iRqZPGhqwmN9HwhZTGtPLnjHmcVKqm9LkbdhIazQWzCd X-Received: by 2002:a50:d753:: with SMTP id i19mr19915181edj.43.1616846880709; Sat, 27 Mar 2021 05:08:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616846880; cv=none; d=google.com; s=arc-20160816; b=a9x0IJHeWzTPwD7t4iJJbBK1A020U0bKUzDjadoRSOnS17qjok6FjnDcyZOYIXRpwV FO9pbsRPqrJL7Er1RfbnC1nllkxx951UpB1M7M8xImYefkk1wVS2M2n0uX4floLp+Bl7 /Hp9uqj/djqijV8juvNfTE58rTYWS9uk5eLouMHAagzcaS2vnrkBMLjzTm05AqOgTg0B SbozyjOMP5993EMJwHiCrcx8vOXIRJdwF2KCnFBxVIA80sWfroIz6ohfS6OD+XBasYjd RFqHBTTSPLv4E2lvj0ZcOOwIUlOxh2evz5wHLWt9NJ5FeKWvA/yizbjTMHNWgZLomzG3 +12g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=0aIZi31FfAHZDCEzW6dalMkC3DR/WZt5CrpN7id1syo=; b=Bob++5fH740uUtrb6q6xWK7YAL2cq30HRabVYe7OS/5Q779NMksbo9UM/+GDXcDDyB K++dDtiQdpiFsF9H1k5OM/gG78YpmfQVkgppxPrlGMJOj2quWKH4tAFRyLRG1L5NnFnq W1yoeFB9kEAU6w7yyZJWDWpAgLBg2o+SWQnhdPLipRAGGz/cWtL/vFNd0O+01QhcIvob QFNWabb65FuFSDe3Xnw0TwLJRll6sZYrtKVRAOK4pqeoTxdQcvXx5X13Gi71cthAGapd 8OnpctHlv2fNwmap8KEz1lDdenrvE+NCBAMl1llSqUaLNb3rkh2sxRs8SmReZTuJ2guV PQuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ionic.de header.s=default header.b=Mog68HLY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e1si8931483ejq.139.2021.03.27.05.07.37; Sat, 27 Mar 2021 05:08:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ionic.de header.s=default header.b=Mog68HLY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230030AbhC0MHL (ORCPT + 99 others); Sat, 27 Mar 2021 08:07:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229627AbhC0MHK (ORCPT ); Sat, 27 Mar 2021 08:07:10 -0400 X-Greylist: delayed 301 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Sat, 27 Mar 2021 05:07:10 PDT Received: from mail.ionic.de (ionic.de [IPv6:2001:41d0:a:588b:1::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0D266C0613B1 for ; Sat, 27 Mar 2021 05:07:09 -0700 (PDT) Authentication-Results: root24.eu; spf=softfail (domain owner discourages use of this host) smtp.mailfrom=ionic.de (client-ip=217.92.117.31; helo=home.ionic.de; envelope-from=ionic@ionic.de; receiver=) Received: from apgunner.local.home.ionic.de (home.ionic.de [217.92.117.31]) by mail.ionic.de (Postfix) with ESMTPSA id 617A84F0046D; Sat, 27 Mar 2021 12:02:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ionic.de; s=default; t=1616846524; bh=UDJiICivjlIFip4eTmVwvTpv10gRaEyo1mLgK8dTWlg=; h=From:To:Cc:Subject:Date:From; b=Mog68HLYQ/eTXZ8VpnxG7iiXRv9Dc/67VuQ3EDcHXVCMezWofCxybt0Y5LkNXX/B6 zqIWylPhRwR7PKH8Q2gxmz//P6qoHF5D5JBwQpTYd2B4E77T5suMueUz2I1AxFI4WC cQxyFKUbDCX4/5RALi5ll39WIh8rBLF/5o0OYXSU= From: Mihai Moldovan To: Masahiro Yamada Cc: linux-kernel@vger.kernel.org Subject: [PATCH] kconfig: nconf: stop endless search-up loops Date: Sat, 27 Mar 2021 13:01:55 +0100 Message-Id: <20210327120155.500-1-ionic@ionic.de> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If the user selects the very first entry in a page and performs a search-up operation (e.g., via [/][a][Up Arrow]), nconf will never terminate searching the page. The reason is that in this case, the starting point will be set to -1, which is then translated into (n - 1) (i.e., the last entry of the page) and finally the search begins. This continues to work fine until the index reaches 0, at which point it will be decremented to -1, but not checked against the starting point right away. Instead, it's wrapped around to the bottom again, after which the starting point check occurs... and naturally fails. We can easily avoid it by checking against the starting point directly if the current index is -1 (which should be safe, since it's the only magic value that can occur) and terminate the matching function. Amazingly, nobody seems to have been hit by this for 11 years - or at the very least nobody bothered to debug and fix this. Signed-off-by: Mihai Moldovan --- scripts/kconfig/nconf.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/kconfig/nconf.c b/scripts/kconfig/nconf.c index e0f965529166..92a5403d8afa 100644 --- a/scripts/kconfig/nconf.c +++ b/scripts/kconfig/nconf.c @@ -515,6 +515,15 @@ static int get_mext_match(const char *match_str, match_f flag) --index; else ++index; + /* + * It's fine for index to become negative - think of an + * initial value for match_start of 0 with a match direction + * of up, eventually making it -1. + * + * Handle this as a special case. + */ + if ((-1 == index) && (index == match_start)) + return -1; index = (index + items_num) % items_num; if (index == match_start) return -1; -- 2.30.1