Skip to content

Commit

Permalink
kconfig: loop boundary condition fix
Browse files Browse the repository at this point in the history 
If buf[-1] just happens to hold the byte 0x0A, then nread can wrap around
to (size_t)-1, leading to invalid memory accesses.

This has caused segmentation faults when trying to build the latest
kernel snapshots for i686 in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1592374

Signed-off-by: Jerry James <loganjerry@gmail.com>
[alexpl@fedoraproject.org: reformatted patch for submission]
Signed-off-by: Alexander Ploumistos <alexpl@fedoraproject.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
  • Loading branch information
@jamesjer @masahir0y
jamesjer authored and masahir0y committed Jun 28, 2018
1 parent 8b9d271 commit 73d1c58
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion scripts/kconfig/preprocess.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ static char *do_shell(int argc, char *argv[])
nread--;

/* remove trailing new lines */
while (buf[nread - 1] == '\n')
while (nread > 0 && buf[nread - 1] == '\n')
nread--;

buf[nread] = 0;
Expand Down

0 comments on commit 73d1c58

Please sign in to comment.