kconfig: require a space after '#' for valid input

Currently, when an input line starts with '#', (line + 2) is passed to
memcmp() without checking line[1].

It means that line[1] can be any arbitrary character. For example,
"#KCONFIG_FOO is not set" is accepted as valid input, functioning the
same as "# CONFIG_FOO is not set".

More importantly, this can potentially lead to a buffer overrun if
line[1] == '\0'. It occurs if the input only contains '#', as
(line + 2) points to an uninitialized buffer.

Check line[1], and skip the line if it is not a space.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>

diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 2ba4dfdd1aeeea159a140379af5478a5f51a1619..556b7f087dbb5562a0f746244bd5bbb70cb9c49d 100644 (file)
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -426,6 +426,8 @@ load:
                conf_lineno++;
                sym = NULL;
                if (line[0] == '#') {
+                       if (line[1] != ' ')
+                               continue;
                        if (memcmp(line + 2, CONFIG_, strlen(CONFIG_)))
                                continue;
                        p = strchr(line + 2 + strlen(CONFIG_), ' ');