* [obsolete] lib-bootconfig-check-bounds-before-writing-in-__xbc_open_brace.patch removed from -mm tree
@ 2026-03-12 21:49 Andrew Morton
0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2026-03-12 21:49 UTC (permalink / raw)
To: mm-commits, mhiramat, akpm, objecting, akpm
The quilt patch titled
Subject: lib/bootconfig: check bounds before writing in __xbc_open_brace()
has been removed from the -mm tree. Its filename was
lib-bootconfig-check-bounds-before-writing-in-__xbc_open_brace.patch
This patch was dropped because it is obsolete
------------------------------------------------------
From: Josh Law <objecting@objecting.org>
Subject: lib/bootconfig: check bounds before writing in __xbc_open_brace()
Date: Thu, 12 Mar 2026 19:11:42 +0000
The bounds check for brace_index happens after the array write. While the
current call pattern prevents an actual out-of-bounds access (the previous
call would have returned an error), the write-before-check pattern is
fragile and would become a real out-of-bounds write if the error return
were ever not propagated.
Move the bounds check before the array write so the function is
self-contained and safe regardless of caller behavior.
Link: https://lkml.kernel.org/r/20260312191143.28719-3-objecting@objecting.org
Signed-off-by: Josh Law <objecting@objecting.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/bootconfig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/bootconfig.c~lib-bootconfig-check-bounds-before-writing-in-__xbc_open_brace
+++ a/lib/bootconfig.c
@@ -532,9 +532,9 @@ static char *skip_spaces_until_newline(c
static int __init __xbc_open_brace(char *p)
{
/* Push the last key as open brace */
- open_brace[brace_index++] = xbc_node_index(last_parent);
if (brace_index >= XBC_DEPTH_MAX)
return xbc_parse_error("Exceed max depth of braces", p);
+ open_brace[brace_index++] = xbc_node_index(last_parent);
return 0;
}
_
Patches currently in -mm which might be from objecting@objecting.org are
lib-maple_tree-fix-swapped-arguments-in-mas_safe_pivot-call.patch
lib-glob-fix-grammar-and-replace-non-inclusive-terminology.patch
lib-glob-add-explicit-include-for-exporth.patch
lib-glob-replace-bitwise-or-with-logical-operation-on-boolean.patch
lib-glob-clean-up-bool-abuse-in-pointer-arithmetic.patch
lib-uuid-fix-typo-reversion-to-revision-in-comment.patch
lib-inflate-fix-memory-leak-in-inflate_fixed-on-inflate_codes-failure.patch
lib-inflate-fix-memory-leak-in-inflate_dynamic-on-inflate_codes-failure.patch
lib-inflate-fix-grammar-in-comment-variable-to-variables.patch
lib-inflate-fix-typo-this-results-to-the-results-in-comment.patch
lib-bug-fix-inconsistent-capitalization-in-bug-message.patch
lib-bug-remove-unnecessary-variable-initializations.patch
lib-idr-fix-ida_find_first_range-missing-ids-across-chunk-boundaries.patch
lib-decompress_bunzip2-fix-32-bit-shift-undefined-behavior.patch
maintainers-add-josh-law-as-reviewer-for-library-code.patch
lib-bootconfig-fix-typo-budy-in-_xbc_exit-comment.patch
lib-ts_bm-fix-integer-overflow-in-pattern-length-calculation.patch
lib-ts_kmp-fix-integer-overflow-in-pattern-length-calculation.patch
lib-bootconfig-fix-off-by-one-in-xbc_verify_tree-unclosed-brace-error.patch
lib-bootconfig-fix-snprintf-truncation-check-in-xbc_node_compose_key_after.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-03-12 21:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-12 21:49 [obsolete] lib-bootconfig-check-bounds-before-writing-in-__xbc_open_brace.patch removed from -mm tree Andrew Morton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.