Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()

Amadeusz Sławiński <amadeuszx.slawinski@xxxxxxxxxxxxxxx> · Thu, 1 Feb 2024 10:04:23 +0100

On 1/30/2024 4:43 PM, Mark Brown wrote:
On Thu, 18 Jan 2024 15:52:49 +0800, Fullway Wang wrote:
In wcd934x_codec_enable_dec(), kstrndup() is used to alloc memory.
However, kmemdup_nul() should be used instead with the size known.

This is similar to CVE-2019-12454 which was fixed in commit
a549881.

[...]

Applied to

    https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next

Thanks!

Hi,

Mark, my other comment was meant to stop this patch from being applied 
;), perhaps I could have been more clear? kmemdup_nul() in this case 
will copy bytes behind the end of widget name when copying. Widgets to 
which it applies are named: "ADX MUX0", "ADC MUX1" and so on, until "ADC 
MUX 8", which is 10 bytes including '\0', and kmemdup_nul() will copy 15 
using memcpy().

Follow-Ups:

Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()
From: Mark Brown

References:

[PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()
From: Fullway Wang
Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()
From: Mark Brown

Prev by Date:
Re: [PATCH 1/3] ALSA: pcm: Add missing formats to formats list

Next by Date:
Re: [PATCH v2 00/13] of: property: add port base loop

Previous by thread:
Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()

Next by thread:
Re: [PATCH] sound: soc: wcd934x: fix an incorrect use of kstrndup()

Index(es):

Date
Thread

[Index of Archives]

[Pulseaudio]

[Linux Audio Users]

[ALSA Devel]

[Fedora Desktop]

[Fedora SELinux]

[Big List of Linux Books]

[Yosemite News]

[KDE Users]