From: Andrew Morton <akpm@linux-foundation.org>
To: mm-commits@vger.kernel.org,mhiramat@kernel.org,akpm@linux-foundation.org,objecting@objecting.org,akpm@linux-foundation.org
Subject: + lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error.patch added to mm-nonmm-unstable branch
Date: Thu, 12 Mar 2026 13:19:17 -0700 [thread overview]
Message-ID: <20260312201918.2A1DCC19425@smtp.kernel.org> (raw)
The patch titled
Subject: lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error
has been added to the -mm mm-nonmm-unstable branch. Its filename is
lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Josh Law <objecting@objecting.org>
Subject: lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error
Date: Thu, 12 Mar 2026 19:11:41 +0000
Patch series "lib/bootconfig: three bug fixes", v2.
Three fixes for lib/bootconfig.c:
1. Fix off-by-one in xbc_verify_tree() unclosed brace error reporting.
2. Check bounds before writing in __xbc_open_brace() to prevent
potential out-of-bounds writes.
3. Fix snprintf truncation check in xbc_node_compose_key_after().
This patch (of 3):
__xbc_open_brace() pushes entries with post-increment
(open_brace[brace_index++]), so brace_index always points one past the
last valid entry. xbc_verify_tree() reads open_brace[brace_index] to
report which brace is unclosed, but this is one past the last pushed entry
and contains stale/zero data, causing the error message to reference the
wrong node.
Use open_brace[brace_index - 1] to correctly identify the unclosed brace.
brace_index is known to be > 0 here since we are inside the if
(brace_index) guard.
Link: https://lkml.kernel.org/r/20260312191143.28719-1-objecting@objecting.org
Link: https://lkml.kernel.org/r/20260312191143.28719-2-objecting@objecting.org
Signed-off-by: Josh Law <objecting@objecting.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/bootconfig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/bootconfig.c~lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error
+++ a/lib/bootconfig.c
@@ -802,7 +802,7 @@ static int __init xbc_verify_tree(void)
/* Brace closing */
if (brace_index) {
- n = &xbc_nodes[open_brace[brace_index]];
+ n = &xbc_nodes[open_brace[brace_index - 1]];
return xbc_parse_error("Brace is not closed",
xbc_node_get_data(n));
}
_
Patches currently in -mm which might be from objecting@objecting.org are
lib-maple_tree-fix-swapped-arguments-in-mas_safe_pivot-call.patch
lib-glob-fix-grammar-and-replace-non-inclusive-terminology.patch
lib-glob-add-explicit-include-for-exporth.patch
lib-glob-replace-bitwise-or-with-logical-operation-on-boolean.patch
lib-glob-clean-up-bool-abuse-in-pointer-arithmetic.patch
lib-uuid-fix-typo-reversion-to-revision-in-comment.patch
lib-inflate-fix-memory-leak-in-inflate_fixed-on-inflate_codes-failure.patch
lib-inflate-fix-memory-leak-in-inflate_dynamic-on-inflate_codes-failure.patch
lib-inflate-fix-grammar-in-comment-variable-to-variables.patch
lib-inflate-fix-typo-this-results-to-the-results-in-comment.patch
lib-bug-fix-inconsistent-capitalization-in-bug-message.patch
lib-bug-remove-unnecessary-variable-initializations.patch
lib-idr-fix-ida_find_first_range-missing-ids-across-chunk-boundaries.patch
lib-decompress_bunzip2-fix-32-bit-shift-undefined-behavior.patch
maintainers-add-josh-law-as-reviewer-for-library-code.patch
lib-bootconfig-fix-typo-budy-in-_xbc_exit-comment.patch
lib-ts_bm-fix-integer-overflow-in-pattern-length-calculation.patch
lib-ts_kmp-fix-integer-overflow-in-pattern-length-calculation.patch
lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error.patch
lib-bootconfig-check-bounds-before-writing-in-__xbc_open_brace.patch
lib-bootconfig-fix-snprintf-truncation-check-in-xbc_node_compose_key_after.patch
reply other threads:[~2026-03-12 20:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260312201918.2A1DCC19425@smtp.kernel.org \
--to=akpm@linux-foundation.org \
--cc=mhiramat@kernel.org \
--cc=mm-commits@vger.kernel.org \
--cc=objecting@objecting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.