Le Fri, 18 Mar 2022 18:26:00 +0200, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> a écrit : > On Fri, Mar 18, 2022 at 05:00:47PM +0100, Clément Léger wrote: > > Add fwnode_property_read_string_index() function which allows to > > retrieve a string from an array by its index. This function is the > > equivalent of of_property_read_string_index() but for fwnode support. > > ... > > > + values = kcalloc(nval, sizeof(*values), GFP_KERNEL); > > + if (!values) > > + return -ENOMEM; > > + > > + ret = fwnode_property_read_string_array(fwnode, propname, values, nval); > > + if (ret < 0) > > + goto out; > > + > > + *string = values[index]; > > +out: > > + kfree(values); > > Here is UAF (use after free). How is it supposed to work? > values is an array of pointers. I'm only retrieving a pointer out of it. -- Clément Léger, Embedded Linux and Kernel engineer at Bootlin https://bootlin.com
