On 12/14/21 4:25 PM, Miaoqian Lin wrote:
In wcd934x_codec_enable_dec(), widget_name is allocated by kstrndup().
However, according to doc: "Note: Use kmemdup_nul() instead if the size
is known exactly." So we should use kmemdup_nul() here instead of
kstrndup(). It's similar to CVE-2019-12454.
Signed-off-by: Miaoqian Lin <linmq006@xxxxxxxxx>
---
sound/soc/codecs/wcd934x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/wcd934x.c b/sound/soc/codecs/wcd934x.c
index e63c6b723d76..c6677cfbce59 100644
--- a/sound/soc/codecs/wcd934x.c
+++ b/sound/soc/codecs/wcd934x.c
@@ -5005,7 +5005,7 @@ static int wcd934x_codec_enable_dec(struct snd_soc_dapm_widget *w,
char *dec;
u8 hpf_coff_freq;
- widget_name = kstrndup(w->name, 15, GFP_KERNEL);
+ widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
I'm wondering if it isn't better to re-structure the code to not
allocate any memory.
something like
ret = sscan(w->name, "ADC MUX%d", &decimator);
if (ret != 1)
...
