This is a note to let you know that I've just added the patch titled kconfig: fix possible buffer overflow to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: kconfig-fix-possible-buffer-overflow.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 91dc7bf7cabdafffe131ba54cf10a1598ffbbcb5 Author: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx> Date: Tue Sep 5 17:59:14 2023 +0800 kconfig: fix possible buffer overflow [ Upstream commit a3b7039bb2b22fcd2ad20d59c00ed4e606ce3754 ] Buffer 'new_argv' is accessed without bound check after accessing with bound check via 'new_argc' index. Fixes: e298f3b49def ("kconfig: add built-in function support") Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx> Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/scripts/kconfig/preprocess.c b/scripts/kconfig/preprocess.c index 748da578b418c..d1f5bcff4b62d 100644 --- a/scripts/kconfig/preprocess.c +++ b/scripts/kconfig/preprocess.c @@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[]) p++; } + + if (new_argc >= FUNCTION_MAX_ARGS) + pperror("too many function arguments"); new_argv[new_argc++] = prev; /*