[PATCH] usb: gadget: configfs: Prevent buffer overrun in usb_string_copy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In usb_string_copy(), when `strlen(s) == 0`, `str[ret - 1]` accesses at
index -1. Add a check to prevent buffer overrun when `s` is empty.

Signed-off-by: Yiyuan Guo <yguoaz@xxxxxxxxx>
---
 drivers/usb/gadget/configfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
index 4c639e9ddedc..457dbc267964 100644
--- a/drivers/usb/gadget/configfs.c
+++ b/drivers/usb/gadget/configfs.c
@@ -127,7 +127,7 @@ static int usb_string_copy(const char *s, char **s_copy)
 			return -ENOMEM;
 	}
 	strcpy(str, s);
-	if (str[ret - 1] == '\n')
+	if (ret && str[ret - 1] == '\n')
 		str[ret - 1] = '\0';
 	*s_copy = str;
 	return 0;
-- 
2.25.1




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux