[PATCH] clk/ti/adpll: allocate room for terminating null

From: Stephen Kitt
Date: Fri Sep 27 2019 - 11:34:46 EST

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH] perf map: fix overlapped map handling"
Previous message: Andy Shevchenko: "Re: [PATCH v2] ASoC: Intel: Skylake: prevent memory leak in snd_skl_parse_uuids"
Next in thread: Tony Lindgren: "Re: [PATCH] clk/ti/adpll: allocate room for terminating null"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The buffer allocated in ti_adpll_clk_get_name doesn't account for the
terminating null. This patch adds the extra byte, and switches to
snprintf to avoid overflowing.

Signed-off-by: Stephen Kitt <steve@xxxxxxx>
---
drivers/clk/ti/adpll.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c
index fdfb90058504..27933c4e8a27 100644
--- a/drivers/clk/ti/adpll.c
+++ b/drivers/clk/ti/adpll.c
@@ -196,12 +196,13 @@ static const char *ti_adpll_clk_get_name(struct ti_adpll_data *d,
} else {
const char *base_name = "adpll";
char *buf;
+ size_t size = 8 + 1 + strlen(base_name) + 1 +
+ strlen(postfix) + 1;

- buf = devm_kzalloc(d->dev, 8 + 1 + strlen(base_name) + 1 +
- strlen(postfix), GFP_KERNEL);
+ buf = devm_kzalloc(d->dev, size, GFP_KERNEL);
if (!buf)
return NULL;
- sprintf(buf, "%08lx.%s.%s", d->pa, base_name, postfix);
+ snprintf(buf, size, "%08lx.%s.%s", d->pa, base_name, postfix);
name = buf;
}

--
2.20.1

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH] perf map: fix overlapped map handling"
Previous message: Andy Shevchenko: "Re: [PATCH v2] ASoC: Intel: Skylake: prevent memory leak in snd_skl_parse_uuids"
Next in thread: Tony Lindgren: "Re: [PATCH] clk/ti/adpll: allocate room for terminating null"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]