linux-kernel.vger.kernel.org archive mirror
From: Mihai Moldovan <ionic@ionic.de>
To: Masahiro Yamada <masahiroy@kernel.org>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] kconfig: nconf: stop endless search-up loops
Date: Sat, 27 Mar 2021 13:01:55 +0100
Message-ID: <20210327120155.500-1-ionic@ionic.de>

If the user selects the very first entry in a page and performs a
search-up operation (e.g., via [/][a][Up Arrow]), nconf will never
terminate searching the page.

The reason is that in this case, the starting point will be set to -1,
which is then translated into (n - 1) (i.e., the last entry of the
page) and finally the search begins. This continues to work fine until
the index reaches 0, at which point it will be decremented to -1, but
not checked against the starting point right away. Instead, it's
wrapped around to the bottom again, after which the starting point
check occurs... and naturally fails.

We can easily avoid it by checking against the starting point directly
if the current index is -1 (which should be safe, since it's the only
magic value that can occur) and terminate the matching function.

Amazingly, nobody seems to have been hit by this for 11 years - or at
the very least nobody bothered to debug and fix this.

Signed-off-by: Mihai Moldovan <ionic@ionic.de>
---
 scripts/kconfig/nconf.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/kconfig/nconf.c b/scripts/kconfig/nconf.c
index e0f965529166..92a5403d8afa 100644
--- a/scripts/kconfig/nconf.c
+++ b/scripts/kconfig/nconf.c
@@ -515,6 +515,15 @@ static int get_mext_match(const char *match_str, match_f flag)
 			--index;
 		else
 			++index;
+		/*
+		 * It's fine for index to become negative - think of an
+		 * initial value for match_start of 0 with a match direction
+		 * of up, eventually making it -1.
+		 *
+		 * Handle this as a special case.
+		 */
+		if ((-1 == index) && (index == match_start))
+			return -1;
 		index = (index + items_num) % items_num;
 		if (index == match_start)
 			return -1;
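
Review bot: The new `if ((-1 == index) && (index == match_start))` test special-cases one un-normalized value of match_start instead of fixing the mismatch that causes the loop: index is wrapped by `index = (index + items_num) % items_num;` but match_start is compared in its raw form, so the existing `if (index == match_start)` can never be true when match_start is out of range. Consider normalizing match_start the same way once, before the loop, so the existing check terminates the search without a magic value; that would also cover any other out-of-range start value, which this hunk does not show being ruled out. If the special case stays, the comment should say that it is match_start that holds -1 (it currently talks about index becoming negative), and the condition reads more naturally in kernel style as `if (index == -1 && index == match_start)`, without the constant-on-left comparison and the extra parentheses.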
-- 
2.30.1


Thread overview: 15+ messages
2021-03-27 12:01 Mihai Moldovan [this message]
2021-03-27 15:58 ` [PATCH] kconfig: nconf: stop endless search-up loops Randy Dunlap
2021-03-27 22:12   ` Mihai Moldovan
2021-03-27 22:26     ` Randy Dunlap
2021-03-28  9:27       ` Mihai Moldovan
2021-03-28 10:37         ` Joe Perches
2021-03-28 10:32       ` Joe Perches
2021-03-28 16:16         ` Randy Dunlap
2021-03-28  9:52 ` [PATCH v2] " Mihai Moldovan
2021-04-10  5:47   ` Masahiro Yamada
2021-04-10  7:00     ` Mihai Moldovan
2021-04-10  9:12       ` Masahiro Yamada
2021-04-15  7:28 ` [PATCH v3] kconfig: nconf: stop endless search loops Mihai Moldovan
2021-04-16  5:40   ` Masahiro Yamada
2021-04-16 10:39     ` Mihai Moldovan
