misc: kgdbts: fix out-of-bounds access in function param_set_kgdbts_var
There is an out-of-bounds access to "config[len - 1]" array when the
variable "len" is zero.
See commit dada6a43b0
("kgdboc: fix KASAN global-out-of-bounds bug
in param_set_kgdboc_var()") for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
This commit is contained in:
parent
9b555c4d78
commit
976643af4e
|
@ -1135,7 +1135,7 @@ static void kgdbts_put_char(u8 chr)
|
|||
static int param_set_kgdbts_var(const char *kmessage,
|
||||
const struct kernel_param *kp)
|
||||
{
|
||||
int len = strlen(kmessage);
|
||||
size_t len = strlen(kmessage);
|
||||
|
||||
if (len >= MAX_CONFIG_LEN) {
|
||||
printk(KERN_ERR "kgdbts: config string too long\n");
|
||||
|
@ -1155,7 +1155,7 @@ static int param_set_kgdbts_var(const char *kmessage,
|
|||
|
||||
strcpy(config, kmessage);
|
||||
/* Chop out \n char as a result of echo */
|
||||
if (config[len - 1] == '\n')
|
||||
if (len && config[len - 1] == '\n')
|
||||
config[len - 1] = '\0';
|
||||
|
||||
/* Go and configure with the new params. */
|
||||
|
|
Loading…
Reference in New Issue