On 12/14/21 4:25 PM, Miaoqian Lin wrote:
In wcd934x_codec_enable_dec(), widget_name is allocated by kstrndup(). However, according to doc: "Note: Use kmemdup_nul() instead if the size is known exactly." So we should use kmemdup_nul() here instead of kstrndup(). It's similar to CVE-2019-12454.
Signed-off-by: Miaoqian Lin linmq006@gmail.com
sound/soc/codecs/wcd934x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/wcd934x.c b/sound/soc/codecs/wcd934x.c index e63c6b723d76..c6677cfbce59 100644 --- a/sound/soc/codecs/wcd934x.c +++ b/sound/soc/codecs/wcd934x.c @@ -5005,7 +5005,7 @@ static int wcd934x_codec_enable_dec(struct snd_soc_dapm_widget *w, char *dec; u8 hpf_coff_freq;
- widget_name = kstrndup(w->name, 15, GFP_KERNEL);
- widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
I'm wondering if it isn't better to re-structure the code to not allocate any memory.
something like
ret = sscan(w->name, "ADC MUX%d", &decimator); if (ret != 1) ...