Skip to content

Commit

Permalink
init/main.c: Fix potential static_command_line memory overflow
Browse files Browse the repository at this point in the history
We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
static_command_line, but the strings copied into static_command_line are
extra_command_line and command_line, rather than extra_command_line and
boot_command_line.

When strlen(command_line) > strlen(boot_command_line), static_command_line
will overflow.

This patch just recovers strlen(command_line) which was miss-consolidated
with strlen(boot_command_line) in the commit f5c7310 ("init/main: add
checks for the return value of memblock_alloc*()")

Link: https://lore.kernel.org/all/[email protected]/

Fixes: f5c7310 ("init/main: add checks for the return value of memblock_alloc*()")
Cc: [email protected]
Signed-off-by: Yuntao Wang <[email protected]>
Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
  • Loading branch information
ytcoode authored and mhiramat committed Apr 12, 2024
1 parent c722cea commit 46dad3c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions init/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -636,6 +636,8 @@ static void __init setup_command_line(char *command_line)
if (!saved_command_line)
panic("%s: Failed to allocate %zu bytes\n", __func__, len + ilen);

len = xlen + strlen(command_line) + 1;

static_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
if (!static_command_line)
panic("%s: Failed to allocate %zu bytes\n", __func__, len);
Expand Down

0 comments on commit 46dad3c

Please sign in to comment.