Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp892343pxb; Wed, 6 Apr 2022 03:26:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwoze+47wyMUKHl6lQPPID6QEqcMq81IwrGoYIbOrIzi9JTBGgVXX9+l9t6jVgURv1xqeCB X-Received: by 2002:a17:90b:3904:b0:1c6:c1f8:cbd8 with SMTP id ob4-20020a17090b390400b001c6c1f8cbd8mr8987874pjb.53.1649240790807; Wed, 06 Apr 2022 03:26:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649240790; cv=none; d=google.com; s=arc-20160816; b=j8BfhLwm6gPbHEPEjQOTfbQmW62uhWgC/jmYcYlFukQIj5A8PAyiIyBdO0cBfaOy1Y lioCG4w6FynTTUBZ2+SqzAzD8kYmCAOkEFY+71N9rIbP5DfJmyoMWhMFuXGNf3kUsmHJ SBKupuqZF1bPvRaO7s0iQWuyvPQ6c0gG7sHZI2fwTKA0AO0ePv1zL7RzRU2Jb6IndF4F 83Wcl+iNX7RYIZqOItDNVpCGidtLFIX6Vqg+v87diZRrsuADUaQyTbKMJrlrEJhtc0RE 301NkdAw184qUTiyQ3l5MDxWrarsVKDRyq2t6oq7zLLaPvCa79+hnEaSWLHyHYzJ28CE 3/hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ggE3CoPrm/f4wEfOBojLQoE5/nMjWl8Fbt1nQfRaoYw=; b=eMb9FsDH5B59wW+kYeA1ypaLfWncxKGXuCpwsdWTZNeDNZmx6BSJy+W1PP06wBtiid td0BA3bxNNZRYa8pbRT0DAZ1c2lSerGTy/ZR4sAShkY85Kikhi7s7i26sv6XinGuGuet YLJwRd7IhxECbVldlnhsSSti7+Nb1+Q7hjk+XLuS3shomdXElUQFd3IzwZD2yCF0n5Qx Xd4fYiZGEXEN7SaYu8lM1VONpiTNkKlBvKcsxvnwQBqweq4nQYEzGOcUDLsH+M4SaTEF o3HKwvgWkaHNxxD/aTAAxabYAukkJG0i27eelX5t28l/cGHMT7cBuXLwQojZJn0NlcvJ iSoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Qkntiv3Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a12-20020a1709027d8c00b00153b2d16511si14579445plm.281.2022.04.06.03.26.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Apr 2022 03:26:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Qkntiv3Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9FF934BF6A0; Wed, 6 Apr 2022 01:48:03 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232297AbiDEHq3 (ORCPT + 99 others); Tue, 5 Apr 2022 03:46:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232039AbiDEHoo (ORCPT ); Tue, 5 Apr 2022 03:44:44 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBC0797B87; Tue, 5 Apr 2022 00:41:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 702D46164B; Tue, 5 Apr 2022 07:41:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7D2CCC340EE; Tue, 5 Apr 2022 07:41:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649144472; bh=cJgNiIRKs43WwxcFvB9IigSsDaV6t6vyU5S0AYz5shw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Qkntiv3QT2AxXHBtF510/wrA4xOUR1BOVzEcPhqEGgYBfPW0m46TKvv4FAmx9b3Z5 3+6Qr78Rb57LXmkRinwQp+p4vLtTjmObos+2pglsWoJtc6HOPodRJywqA4IrQPOk7G 8i4r7Tkx+PWsD/SOLtDmfGvCQDB4MUM7PhvUvpaU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Anssi Hannula , Mathias Nyman Subject: [PATCH 5.17 0018/1126] xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() Date: Tue, 5 Apr 2022 09:12:45 +0200 Message-Id: <20220405070408.078203683@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220405070407.513532867@linuxfoundation.org> References: <20220405070407.513532867@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Anssi Hannula commit 05519b8589a679edb8fa781259893d20bece04ad upstream. xhci_decode_ctrl_ctx() returns the untouched buffer as-is if both "drop" and "add" parameters are zero. Fix the function to return an empty string in that case. It was not immediately clear from the possible call chains whether this issue is currently actually triggerable or not. Note that before commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing") the result effect in the failure case was different as a static buffer was used here, but the code still worked incorrectly. Fixes: 90d6d5731da7 ("xhci: Add tracing for input control context") Cc: stable@vger.kernel.org Signed-off-by: Anssi Hannula Signed-off-by: Mathias Nyman commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing") Link: https://lore.kernel.org/r/20220303110903.1662404-4-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci.h | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -2470,6 +2470,8 @@ static inline const char *xhci_decode_ct unsigned int bit; int ret = 0; + str[0] = '\0'; + if (drop) { ret = sprintf(str, "Drop:"); for_each_set_bit(bit, &drop, 32)