[PATCH] arch: parisc: kernel: memory overflow, 'name' length is tooshort for using

From: Chen Gang
Date: Mon May 27 2013 - 00:58:11 EST

Next message: Zhang Rui: "Re: Fans at full speed after resume"
Previous message: Namjae Jeon: "Re: [PATCH 2/2] f2fs: add sysfs support for controlling the gc_thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

'path.bc[i]' can be asigned by PCI_SLOT() which can '> 10', so sizeof(6
* "%u:" + "%u" + '\0') may be 21.

Since 'name' length is 20, it may be memory overflow.

And 'path.bc[i]' is 'unsigned char' for printing, we can be sure the
max length of 'name' must be less than 28.

So simplify thinking, we can use 28 instead of 20 directly, and do not
think of whether 'patchc.bc[i]' can '> 100'.

Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx>
---
arch/parisc/kernel/drivers.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c
index 5709c5e..14285ca 100644
--- a/arch/parisc/kernel/drivers.c
+++ b/arch/parisc/kernel/drivers.c
@@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath);
static void setup_bus_id(struct parisc_device *padev)
{
struct hardware_path path;
- char name[20];
+ char name[28];
char *output = name;
int i;

--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zhang Rui: "Re: Fans at full speed after resume"
Previous message: Namjae Jeon: "Re: [PATCH 2/2] f2fs: add sysfs support for controlling the gc_thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]