Re: [PATCH 3/9] xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On 3.3.2022 12.26, Mathias Nyman wrote:
> From: Anssi Hannula <anssi.hannula@xxxxxxxxxx>
>
> xhci_decode_ctrl_ctx() returns the untouched buffer as-is if both "drop"
> and "add" parameters are zero.
>
> Fix the function to return an empty string in that case.
>
> It was not immediately clear from the possible call chains whether this
> issue is currently actually triggerable or not.
>
> Note that before commit 4843b4b5ec64 ("xhci: fix even more unsafe memory
> Cc: stable@xxxxxxxxxxxxxxx
> usage in xhci tracing") the result effect in the failure case was different
> as a static buffer was used here, but the code still worked incorrectly.

You added the Cc-stable line a few lines too early above :)

> Fixes: 90d6d5731da7 ("xhci: Add tracing for input control context")
> Signed-off-by: Anssi Hannula <anssi.hannula@xxxxxxxxxx>
> Signed-off-by: Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx>
>
> commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing")
> ---
>  drivers/usb/host/xhci.h | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
> index 1d83ddace482..473a33ce299e 100644
> --- a/drivers/usb/host/xhci.h
> +++ b/drivers/usb/host/xhci.h
> @@ -2468,6 +2468,8 @@ static inline const char *xhci_decode_ctrl_ctx(char *str,
>  	unsigned int	bit;
>  	int		ret = 0;
>  
> +	str[0] = '\0';
> +
>  	if (drop) {
>  		ret = sprintf(str, "Drop:");
>  		for_each_set_bit(bit, &drop, 32)


-- 
Anssi Hannula / Bitwise Oy
+358 503803997




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux