* [merged mm-stable] tools-mm-slabinfo-fix-access-to-null-terminator-in-string-boundary.patch removed from -mm tree
@ 2025-09-21 21:23 Andrew Morton
0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2025-09-21 21:23 UTC (permalink / raw)
To: mm-commits, sj, kaushlendra.kumar, akpm
The quilt patch titled
Subject: tools/mm/slabinfo: fix access to null terminator in string boundary
has been removed from the -mm tree. Its filename was
tools-mm-slabinfo-fix-access-to-null-terminator-in-string-boundary.patch
This patch was dropped because it was merged into the mm-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
Subject: tools/mm/slabinfo: fix access to null terminator in string boundary
Date: Sat, 30 Aug 2025 22:50:22 +0530
The current code incorrectly accesses buffer[strlen(buffer)], which points
to the null terminator ('\0') at the end of the string. This is
technically out-of-bounds access since valid string content ends at index
strlen(buffer)-1.
Fix by:
1. Declaring strlen() result variable at function scope
2. Adding bounds check (len > 0) to handle empty strings
3. Using buffer[len-1] to correctly access the last character before
the null terminator
[kaushlendra.kumar@intel.com: remove unnecessary blank line]
Link: https://lkml.kernel.org/r/20250901044955.3902815-1-kaushlendra.kumar@intel.com
Link: https://lkml.kernel.org/r/20250830172022.1927448-1-kaushlendra.kumar@intel.com
Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
Acked-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
tools/mm/slabinfo.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/tools/mm/slabinfo.c~tools-mm-slabinfo-fix-access-to-null-terminator-in-string-boundary
+++ a/tools/mm/slabinfo.c
@@ -155,6 +155,7 @@ static void usage(void)
static unsigned long read_obj(const char *name)
{
+ size_t len;
FILE *f = fopen(name, "r");
if (!f) {
@@ -165,8 +166,10 @@ static unsigned long read_obj(const char
if (!fgets(buffer, sizeof(buffer), f))
buffer[0] = 0;
fclose(f);
- if (buffer[strlen(buffer)] == '\n')
- buffer[strlen(buffer)] = 0;
+ len = strlen(buffer);
+
+ if (len > 0 && buffer[len - 1] == '\n')
+ buffer[len - 1] = 0;
}
return strlen(buffer);
}
_
Patches currently in -mm which might be from kaushlendra.kumar@intel.com are
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-09-21 21:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-21 21:23 [merged mm-stable] tools-mm-slabinfo-fix-access-to-null-terminator-in-string-boundary.patch removed from -mm tree Andrew Morton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.