Le Fri, 18 Mar 2022 20:09:37 +0200, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> a écrit : > On Fri, Mar 18, 2022 at 05:49:12PM +0100, Clément Léger wrote: > > Le Fri, 18 Mar 2022 18:26:00 +0200, > > Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> a écrit : > > > On Fri, Mar 18, 2022 at 05:00:47PM +0100, Clément Léger wrote: > > > > Add fwnode_property_read_string_index() function which allows to > > > > retrieve a string from an array by its index. This function is the > > > > equivalent of of_property_read_string_index() but for fwnode support. > > ... > > > > > + values = kcalloc(nval, sizeof(*values), GFP_KERNEL); > > > > + if (!values) > > > > + return -ENOMEM; > > > > + > > > > + ret = fwnode_property_read_string_array(fwnode, propname, values, nval); > > > > + if (ret < 0) > > > > + goto out; > > > > + > > > > + *string = values[index]; > > > > +out: > > > > + kfree(values); > > > > > > Here is UAF (use after free). How is it supposed to work? > > > > values is an array of pointers. I'm only retrieving a pointer out of > > it. > > I see, thanks for pointing out. > > Nevertheless, I don't like the idea of allocating memory in this case. > Can we rather add a new callback that will provide us the necessary > property directly? > IMHO, it would indeed be better. However, fwnode_property_match_string() also allocates memory to do the same kind of operation. Would you also like a callback for this one ? Thanks, -- Clément Léger, Embedded Linux and Kernel engineer at Bootlin https://bootlin.com
