This is a note to let you know that I've just added the patch titled
kconfig: qconf: fix buffer overflow in debug links
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kconfig-qconf-fix-buffer-overflow-in-debug-links.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit ededfd6433c92f64522122c3e546ad8b2b13f264
Author: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Date: Tue Oct 1 18:02:22 2024 +0900
kconfig: qconf: fix buffer overflow in debug links
[ Upstream commit 984ed20ece1c6c20789ece040cbff3eb1a388fa9 ]
If you enable "Option -> Show Debug Info" and click a link, the program
terminates with the following error:
*** buffer overflow detected ***: terminated
The buffer overflow is caused by the following line:
strcat(data, "$");
The buffer needs one more byte to accommodate the additional character.
Fixes: c4f7398bee9c ("kconfig: qconf: make debug links work again")
Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/scripts/kconfig/qconf.cc b/scripts/kconfig/qconf.cc
index 620a3527c767a..4f3ba3debc08e 100644
--- a/scripts/kconfig/qconf.cc
+++ b/scripts/kconfig/qconf.cc
@@ -1174,7 +1174,7 @@ void ConfigInfoView::clicked(const QUrl &url)
{
QByteArray str = url.toEncoded();
const std::size_t count = str.size();
- char *data = new char[count + 1];
+ char *data = new char[count + 2]; // '$' + '\0'
struct symbol **result;
struct menu *m = NULL;
