* [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
@ 2026-03-01 5:30 Xingjing Deng
2026-03-01 14:15 ` kernel test robot
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Xingjing Deng @ 2026-03-01 5:30 UTC (permalink / raw)
To: nathan, nsc, rdunlap, masahiroy; +Cc: linux-kbuild, linux-kernel, Xingjing Deng
In conf_askvalue(), the 'def' argument (retrieved via sym_get_string_value)
can be NULL. While current call sites ensure that 'def' is valid,
calling printf("%s\n", def) is technically undefined behavior and could
lead to a segmentation fault on certain libc implementations if the
function were called with a NULL pointer in the future.

Improve the robustness of conf_askvalue() by providing an empty string
as a fallback.

Additionally, remove the redundant re-initialization of the 'line'
buffer inside the !sym_is_changeable(sym) block, as it is already
properly initialized at the function entry.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Xingjing Deng <micro6947@gmail.com>
---
v2:
- Change commit message and use fewer characters in modify.
- Link to v1: https://lore.kernel.org/all/20260225072246.3475275-1-micro6947@gmail.com/
scripts/kconfig/conf.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
index a7b44cd8a..0d32183c5 100644
--- a/scripts/kconfig/conf.c
+++ b/scripts/kconfig/conf.c
@@ -297,9 +297,7 @@ static int conf_askvalue(struct symbol *sym, const char *def)
line[1] = 0;
if (!sym_is_changeable(sym)) {
- printf("%s\n", def);
- line[0] = '\n';
- line[1] = 0;
+ printf("%s\n", def :? "");
return 0;
}
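Review bot: The added printf line in the !sym_is_changeable(sym) branch uses `:?`, which is not a C operator, so conf.c no longer compiles. The fallback needs the GNU conditional with the middle operand omitted, `def ?: ""`, or the standard spelling `def ? def : ""` if the host tool should not depend on a compiler extension. Since scripts/kconfig is built at the very start of every kernel build, a local `make oldconfig` before sending would have caught this.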
@@ -307,7 +305,7 @@ static int conf_askvalue(struct symbol *sym, const char *def)
case oldconfig:
case syncconfig:
if (sym_has_value(sym)) {
- printf("%s\n", def);
+ printf("%s\n", def :? "");
return 0;
}
/* fall through */
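Review bot: The sym_has_value(sym) case under oldconfig/syncconfig repeats the same invalid `def :? ""` expression, so it needs the same correction as the first hunk. Because both printf calls want the identical guard, it may be simpler to normalise the argument once near the top of conf_askvalue(), for example `if (!def) def = "";`, and leave both calls as plain `printf("%s\n", def);`. That keeps the two sites from drifting apart and covers any later use of def in the function.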
--
2.25.1
* Re: [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
From: kernel test robot @ 2026-03-01 14:15 UTC (permalink / raw)
To: Xingjing Deng, nathan, nsc, rdunlap, masahiroy
Cc: llvm, oe-kbuild-all, linux-kbuild, linux-kernel, Xingjing Deng
Hi Xingjing,
kernel test robot noticed the following build errors:
[auto build test ERROR on linus/master]
[also build test ERROR on masahiroy-kbuild/for-next masahiroy-kbuild/fixes v7.0-rc1 next-20260227]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Xingjing-Deng/kconfig-fix-potential-NULL-pointer-dereference-in-conf_askvalue/20260301-133159
base: linus/master
patch link: https://lore.kernel.org/r/20260301053035.1950087-1-micro6947%40gmail.com
patch subject: [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
config: x86_64-kexec (attached as .config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260301/202603012239.PzfGASyC-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603012239.PzfGASyC-lkp@intel.com/
All errors (new ones prefixed by >>):
>> scripts/kconfig/conf.c:300:22: error: expected ')'
300 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:300:9: note: to match this '('
300 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:308:23: error: expected ')'
308 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:308:10: note: to match this '('
308 | printf("%s\n", def :? "");
| ^
2 errors generated.
make[3]: *** [scripts/Makefile.host:131: scripts/kconfig/conf.o] Error 1
make[3]: Target 'oldconfig' not remade because of errors.
make[2]: *** [Makefile:746: oldconfig] Error 2
make[1]: *** [Makefile:248: __sub-make] Error 2
make[1]: Target 'oldconfig' not remade because of errors.
make: *** [Makefile:248: __sub-make] Error 2
make: Target 'oldconfig' not remade because of errors.
--
>> scripts/kconfig/conf.c:300:22: error: expected ')'
300 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:300:9: note: to match this '('
300 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:308:23: error: expected ')'
308 | printf("%s\n", def :? "");
| ^
scripts/kconfig/conf.c:308:10: note: to match this '('
308 | printf("%s\n", def :? "");
| ^
2 errors generated.
make[3]: *** [scripts/Makefile.host:131: scripts/kconfig/conf.o] Error 1
make[3]: Target 'olddefconfig' not remade because of errors.
make[2]: *** [Makefile:746: olddefconfig] Error 2
make[1]: *** [Makefile:248: __sub-make] Error 2
make[1]: Target 'olddefconfig' not remade because of errors.
make: *** [Makefile:248: __sub-make] Error 2
make: Target 'olddefconfig' not remade because of errors.
vim +300 scripts/kconfig/conf.c
290
291 static int conf_askvalue(struct symbol *sym, const char *def)
292 {
293 if (!sym_has_value(sym))
294 printf("(NEW) ");
295
296 line[0] = '\n';
297 line[1] = 0;
298
299 if (!sym_is_changeable(sym)) {
> 300 printf("%s\n", def :? "");
301 return 0;
302 }
303
304 switch (input_mode) {
305 case oldconfig:
306 case syncconfig:
307 if (sym_has_value(sym)) {
308 printf("%s\n", def :? "");
309 return 0;
310 }
311 /* fall through */
312 default:
313 fflush(stdout);
314 xfgets(line, sizeof(line), stdin);
315 break;
316 }
317
318 return 1;
319 }
320
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
From: kernel test robot @ 2026-03-01 19:12 UTC (permalink / raw)
To: Xingjing Deng, nathan, nsc, rdunlap, masahiroy
Cc: oe-kbuild-all, linux-kbuild, linux-kernel, Xingjing Deng
Hi Xingjing,
kernel test robot noticed the following build errors:
[auto build test ERROR on linus/master]
[also build test ERROR on v7.0-rc1 next-20260227]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Xingjing-Deng/kconfig-fix-potential-NULL-pointer-dereference-in-conf_askvalue/20260301-133159
base: linus/master
patch link: https://lore.kernel.org/r/20260301053035.1950087-1-micro6947%40gmail.com
patch subject: [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
config: x86_64-rhel-9.4 (attached as .config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260302/202603020347.rhUXW6ql-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603020347.rhUXW6ql-lkp@intel.com/
All errors (new ones prefixed by >>):
scripts/kconfig/conf.c: In function 'conf_askvalue':
>> scripts/kconfig/conf.c:300:35: error: expected ')' before ':' token
300 | printf("%s\n", def :? "");
| ~ ^~
| )
scripts/kconfig/conf.c:308:43: error: expected ')' before ':' token
308 | printf("%s\n", def :? "");
| ~ ^~
| )
make[3]: *** [scripts/Makefile.host:131: scripts/kconfig/conf.o] Error 1
make[3]: Target 'oldconfig' not remade because of errors.
make[2]: *** [Makefile:746: oldconfig] Error 2
make[1]: *** [Makefile:248: __sub-make] Error 2
make[1]: Target 'oldconfig' not remade because of errors.
make: *** [Makefile:248: __sub-make] Error 2
make: Target 'oldconfig' not remade because of errors.
--
scripts/kconfig/conf.c: In function 'conf_askvalue':
>> scripts/kconfig/conf.c:300:35: error: expected ')' before ':' token
300 | printf("%s\n", def :? "");
| ~ ^~
| )
scripts/kconfig/conf.c:308:43: error: expected ')' before ':' token
308 | printf("%s\n", def :? "");
| ~ ^~
| )
make[3]: *** [scripts/Makefile.host:131: scripts/kconfig/conf.o] Error 1
make[3]: Target 'olddefconfig' not remade because of errors.
make[2]: *** [Makefile:746: olddefconfig] Error 2
make[1]: *** [Makefile:248: __sub-make] Error 2
make[1]: Target 'olddefconfig' not remade because of errors.
make: *** [Makefile:248: __sub-make] Error 2
make: Target 'olddefconfig' not remade because of errors.
vim +300 scripts/kconfig/conf.c
290
291 static int conf_askvalue(struct symbol *sym, const char *def)
292 {
293 if (!sym_has_value(sym))
294 printf("(NEW) ");
295
296 line[0] = '\n';
297 line[1] = 0;
298
299 if (!sym_is_changeable(sym)) {
> 300 printf("%s\n", def :? "");
301 return 0;
302 }
303
304 switch (input_mode) {
305 case oldconfig:
306 case syncconfig:
307 if (sym_has_value(sym)) {
308 printf("%s\n", def :? "");
309 return 0;
310 }
311 /* fall through */
312 default:
313 fflush(stdout);
314 xfgets(line, sizeof(line), stdin);
315 break;
316 }
317
318 return 1;
319 }
320
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [PATCH v2] kconfig: fix potential NULL pointer dereference in conf_askvalue()
From: Nathan Chancellor @ 2026-03-05 19:51 UTC (permalink / raw)
To: Xingjing Deng; +Cc: nsc, rdunlap, masahiroy, linux-kbuild, linux-kernel
On Sun, Mar 01, 2026 at 05:30:35AM +0000, Xingjing Deng wrote:
> In conf_askvalue(), the 'def' argument (retrieved via sym_get_string_value)
> can be NULL. While current call sites ensure that 'def' is valid,
> calling printf("%s\n", def) is technically undefined behavior and could
> lead to a segmentation fault on certain libc implementations if the
> function were called with a NULL pointer in the future.
>
> Improve the robustness of conf_askvalue() by providing an empty string
> as a fallback.
>
> Additionally, remove the redundant re-initialization of the 'line'
> buffer inside the !sym_is_changeable(sym) block, as it is already
> properly initialized at the function entry.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Xingjing Deng <micro6947@gmail.com>
> ---
>
> v2:
> - Change commit message and use fewer characters in modify.
> - Link to v1: https://lore.kernel.org/all/20260225072246.3475275-1-micro6947@gmail.com/
>
> scripts/kconfig/conf.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c
> index a7b44cd8a..0d32183c5 100644
> --- a/scripts/kconfig/conf.c
> +++ b/scripts/kconfig/conf.c
> @@ -297,9 +297,7 @@ static int conf_askvalue(struct symbol *sym, const char *def)
> line[1] = 0;
>
> if (!sym_is_changeable(sym)) {
> - printf("%s\n", def);
> - line[0] = '\n';
> - line[1] = 0;
> + printf("%s\n", def :? "");
As the kernel test robot pointed out, this should be ?:, not :?. Please
ensure you always test build your changes before sending them out,
especially scripts/kconfig since it runs so early in the build.
When sending a corrected v3, you can include:
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
> return 0;
> }
>
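Review bot: The removal of `line[0] = '\n';` and `line[1] = 0;` in the !sym_is_changeable(sym) branch is a cleanup unrelated to the NULL fallback, yet it rides along under the same Fixes: tag. The context line `line[1] = 0;` directly above the branch shows the buffer is already initialised, so the deletion looks safe, but splitting it into its own patch would keep the tagged fix limited to the printf change and make any backport smaller.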
> @@ -307,7 +305,7 @@ static int conf_askvalue(struct symbol *sym, const char *def)
> case oldconfig:
> case syncconfig:
> if (sym_has_value(sym)) {
> - printf("%s\n", def);
> + printf("%s\n", def :? "");
> return 0;
> }
> /* fall through */
> --
> 2.25.1
>