From: Mathias Nyman <mathias.nyman@linux.intel.com>
To: <gregkh@linuxfoundation.org>
Cc: <linux-usb@vger.kernel.org>,
Anssi Hannula <anssi.hannula@bitwise.fi>,
stable@vger.kernel.org,
Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH v2 3/9] xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
Date: Thu, 3 Mar 2022 13:08:57 +0200 [thread overview]
Message-ID: <20220303110903.1662404-4-mathias.nyman@linux.intel.com> (raw)
In-Reply-To: <20220303110903.1662404-1-mathias.nyman@linux.intel.com>
From: Anssi Hannula <anssi.hannula@bitwise.fi>
xhci_decode_ctrl_ctx() returns the untouched buffer as-is if both "drop"
and "add" parameters are zero.
Fix the function to return an empty string in that case.
It was not immediately clear from the possible call chains whether this
issue is currently actually triggerable or not.
Note that before commit 4843b4b5ec64 ("xhci: fix even more unsafe memory
usage in xhci tracing") the result effect in the failure case was different
as a static buffer was used here, but the code still worked incorrectly.
Fixes: 90d6d5731da7 ("xhci: Add tracing for input control context")
Cc: stable@vger.kernel.org
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing")
---
drivers/usb/host/xhci.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 1d83ddace482..473a33ce299e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -2468,6 +2468,8 @@ static inline const char *xhci_decode_ctrl_ctx(char *str,
unsigned int bit;
int ret = 0;
+ str[0] = '\0';
+
if (drop) {
ret = sprintf(str, "Drop:");
for_each_set_bit(bit, &drop, 32)
--
2.25.1
next prev parent reply other threads:[~2022-03-03 11:07 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-03 11:08 [PATCH v2 0/9] xhci cleanups and fixes for usb-next Mathias Nyman
2022-03-03 11:08 ` [PATCH v2 1/9] xhci: make xhci_handshake timeout for xhci_reset() adjustable Mathias Nyman
2022-03-03 11:08 ` [PATCH v2 2/9] xhci: fix garbage USBSTS being logged in some cases Mathias Nyman
2022-03-03 11:08 ` Mathias Nyman [this message]
2022-03-03 11:08 ` [PATCH v2 4/9] xhci: fix runtime PM imbalance in USB2 resume Mathias Nyman
2022-03-03 11:08 ` [PATCH v2 5/9] usb: host: xhci: use ffs() in xhci_mem_init() Mathias Nyman
2022-03-03 11:09 ` [PATCH v2 6/9] usb: host: xhci: fix a comment typo " Mathias Nyman
2022-03-03 11:09 ` [PATCH v2 7/9] usb: host: xhci: update hci_version operation in xhci_gen_setup() Mathias Nyman
2022-03-03 11:09 ` [PATCH v2 8/9] usb: host: xhci: add blank line in xhci_halt() Mathias Nyman
2022-03-03 11:09 ` [PATCH v2 9/9] usb: host: xhci: Remove some unnecessary return value initializations Mathias Nyman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220303110903.1662404-4-mathias.nyman@linux.intel.com \
--to=mathias.nyman@linux.intel.com \
--cc=anssi.hannula@bitwise.fi \
--cc=gregkh@linuxfoundation.org \
--cc=linux-usb@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.