Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1005171pxb;
        Wed, 6 Apr 2022 06:31:57 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyPgxBPyFdd6pdyPoLBW3tmo/+Z9Gyr5LeJffIcaBmkAH1j+MWYD1farlGOlR4JggQJcwCr
X-Received: by 2002:a05:6870:204c:b0:da:b3f:2b86 with SMTP id l12-20020a056870204c00b000da0b3f2b86mr3876791oad.293.1649251917068;
        Wed, 06 Apr 2022 06:31:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649251917; cv=none;
        d=google.com; s=arc-20160816;
        b=0ZQ4h+OB1ckLlu4/KwRrNrALxrTu8+FsO1syzW5acOp+vWnQdWQ7STD50UhEAV8jK8
         ZdsappJcg3s5MQEnFtjzAmHFxNXdn5xgHXud00k/kYZKDgK/X9hAFsFzt4igD84bfaG2
         JQFOFLX942AWSZEYbJAsCVENiHv6fMuFtKBZQq1d6gvlp1vkeMgw8ScvDoXoT012NR2z
         RQR+rfpLrsN7crEuHre+yD3uNVt3G7QvcgZ0EHRW5X85tQz5Y7a4qo5NKLrHkt4xySH0
         xgaD88UJEj+M729WRlWLUD1ocAIOm1M1GaR80yegLikC+dmlkI+th/ix5R1S/xM3bQc6
         iDiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=LHbaIz2+q+5mCI2nABtkXIoRHBWGv4ilEmtzPZ2APxI=;
        b=ns82kFq1K5ZkK0XgzU0iC2EQJJn0ZtI2D1uf5nFa1vpWWtHFALHW5FXekv1gEZ/nUF
         4j41/JXCwAXBtCX3Nn4aD0wqnRsQVbrbMYvOlp27xCOkqUFM/yQk82KHLTG1o+r+LxwK
         hhyp2Hr5pIKHVTCc3YfJ/AxtIx2W0BdTAXIzqfK0BpqiscsC163alQkcvGOsKgtpiLIb
         tOz/gealdNjWqYFu0lvkCdb1CJq8Z9L/HH3MgCztonZL87uGpVM5KKZYo9958F83Gjzg
         6XRx8EVqMfuz7AeQtJRNfVoi9rZXDoEGPEnfBI/zNnVzNyYsrXj0EOaQxOISre/LaOyC
         LLhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fmzBSymc;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id c4-20020a9d75c4000000b005cb2fc1380bsi8439030otl.135.2022.04.06.06.31.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Apr 2022 06:31:57 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fmzBSymc;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id EAC4A53A7AE;
	Wed,  6 Apr 2022 04:11:04 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1578487AbiDEXXk (ORCPT <rfc822;02joepater06@gmail.com>
        + 99 others); Tue, 5 Apr 2022 19:23:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43208 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1354630AbiDEKO5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 06:14:57 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A88376BDCA;
        Tue,  5 Apr 2022 03:01:40 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 45B3A61676;
        Tue,  5 Apr 2022 10:01:40 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 520BDC385A2;
        Tue,  5 Apr 2022 10:01:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649152899;
        bh=TOHOU80nAEDJOHOVA9Ggqo7X+R5Neb+VHBK7nnlSFOE=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=fmzBSymc2f13GiJzw/EQ13ujlJ8Acuz0t2KCDR8Are6ww1yhbS0xrNJLN8h/MplD/
         lTtiFvXSoMvM/iMPjZWwP6FwgUDg4WsCnSdc0uDAZiTflWZ5gO276XgA8tmVxnYcAE
         j+5rciAHdzGe0Jb3gPSNLHA9J/yLs0ZGmxtxiqLM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Anssi Hannula <anssi.hannula@bitwise.fi>,
        Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 5.10 029/599] xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
Date:   Tue,  5 Apr 2022 09:25:23 +0200
Message-Id: <20220405070259.689734553@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070258.802373272@linuxfoundation.org>
References: <20220405070258.802373272@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Anssi Hannula <anssi.hannula@bitwise.fi>

commit 05519b8589a679edb8fa781259893d20bece04ad upstream.

xhci_decode_ctrl_ctx() returns the untouched buffer as-is if both "drop"
and "add" parameters are zero.

Fix the function to return an empty string in that case.

It was not immediately clear from the possible call chains whether this
issue is currently actually triggerable or not.

Note that before commit 4843b4b5ec64 ("xhci: fix even more unsafe memory
usage in xhci tracing") the result effect in the failure case was different
as a static buffer was used here, but the code still worked incorrectly.

Fixes: 90d6d5731da7 ("xhci: Add tracing for input control context")
Cc: stable@vger.kernel.org
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing")
Link: https://lore.kernel.org/r/20220303110903.1662404-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/host/xhci.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -2458,6 +2458,8 @@ static inline const char *xhci_decode_ct
 	unsigned int	bit;
 	int		ret = 0;
 
+	str[0] = '\0';
+
 	if (drop) {
 		ret = sprintf(str, "Drop:");
 		for_each_set_bit(bit, &drop, 32)