authorKonstantin Meskhidze <konstantin.meskhidze@huawei.com>2023-09-05 12:59:14 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-09-19 13:27:59 +0300
commit8ab59422395027abab0b1acc05e3edcc5c942643 (patch)
treeec703429c6b3b23d77ed1f4edaf0ab1ba8e83fd1
parent39c29d075352a642bc3ea5fe5969fbd77b1db299 (diff)
kconfig: fix possible buffer overflow
[ Upstream commit a3b7039bb2b22fcd2ad20d59c00ed4e606ce3754 ] Buffer 'new_argv' is accessed without a bounds check after being accessed with a bounds check via the 'new_argc' index. Fixes: e298f3b49def ("kconfig: add built-in function support") Co-developed-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r--scripts/kconfig/preprocess.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/kconfig/preprocess.c b/scripts/kconfig/preprocess.c
index 748da578b418..d1f5bcff4b62 100644
--- a/scripts/kconfig/preprocess.c
+++ b/scripts/kconfig/preprocess.c
@@ -396,6 +396,9 @@ static char *eval_clause(const char *str, size_t len, int argc, char *argv[])
p++;
}
+
+ if (new_argc >= FUNCTION_MAX_ARGS)
+ pperror("too many function arguments");
new_argv[new_argc++] = prev;
/*