On 2019-06-05 06:57:02, Jiri Slaby wrote: > On 29. 05. 19, 3:53, Gen Zhang wrote: > > In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup(). > > However, according to doc: "Note: Use kmemdup_nul() instead if the size > > is known exactly." > > Except the size is not known exactly. It is at most 15, not 15. Right?
That's my understanding, as well. This change looks incorrect/misguided to me. CVE-2019-12454 was assigned for this but I've requested that MITRE reject it as there doesn't seem to be any security impact and possibly no reason at all for this change. Tyler > > > So we should use kmemdup_nul() here instead of > > kstrndup(). > > > > Signed-off-by: Gen Zhang <blackgod016...@gmail.com> > > --- > > diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c > > index a04a7ce..85737fe 100644 > > --- a/sound/soc/codecs/wcd9335.c > > +++ b/sound/soc/codecs/wcd9335.c > > @@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct > > snd_soc_dapm_widget *w, > > char *dec; > > u8 hpf_coff_freq; > > > > - widget_name = kstrndup(w->name, 15, GFP_KERNEL); > > + widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL); > > if (!widget_name) > > return -ENOMEM; > > > > thanks, > -- > js > suse labs
