From: Richard Fitzgerald <rf@xxxxxxxxxxxxxxxxxxxxx> [ Upstream commit 5b933c7262c5b0ea11ea3c3b3ea81add04895954 ] For wmfw format v2 and later the coefficient name strings have a length field and are NOT null-terminated. Use kasprintf() to convert the unterminated string into a null-terminated string in an allocated buffer. The previous code handled this duplication incorrectly using kmemdup() and getting the length from a strlen() of the (unterminated) source string. This resulted in creating a string that continued up to the next byte in the firmware file that just happened to be 0x00. Signed-off-by: Richard Fitzgerald <rf@xxxxxxxxxxxxxxxxxxxxx> Fixes: f6bc909e7673 ("firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs") Link: https://lore.kernel.org/r/20220412163927.1303470-1-rf@xxxxxxxxxxxxxxxxxxxxx Signed-off-by: Mark Brown <broonie@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/firmware/cirrus/cs_dsp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/firmware/cirrus/cs_dsp.c b/drivers/firmware/cirrus/cs_dsp.c index e48108e694f8..7dad6f57d970 100644 --- a/drivers/firmware/cirrus/cs_dsp.c +++ b/drivers/firmware/cirrus/cs_dsp.c @@ -955,8 +955,7 @@ static int cs_dsp_create_control(struct cs_dsp *dsp, ctl->alg_region = *alg_region; if (subname && dsp->fw_ver >= 2) { ctl->subname_len = subname_len; - ctl->subname = kmemdup(subname, - strlen(subname) + 1, GFP_KERNEL); + ctl->subname = kasprintf(GFP_KERNEL, "%.*s", subname_len, subname); if (!ctl->subname) { ret = -ENOMEM; goto err_ctl; -- 2.35.1