* [RFC PATCH] devicetree: Fix buffer overflow on setting device node name
@ 2010-04-08 1:51 ` Grant Likely
0 siblings, 0 replies; 4+ messages in thread
From: Grant Likely @ 2010-04-08 1:51 UTC (permalink / raw)
To: qemu-devel-qX2TKyscuCcdnm+yROfE0A,
devicetree-discuss-uLR06cmDAlY/bJ5BZ2RsiQ,
jeremy.kerr-Z7WLFzj8eWMS+FvcfC7Uqw
Fix bug where temporary buffer for sprintf() was not large enough
when setting a device tree node name.
Signed-off-by: Grant Likely <grant.likely-s3s/WqlpOiPyB63q8FvJNQ@public.gmane.org>
---
Hi Jeremy. Here's the fix I promised. With this change your current tree
works beautifully. I've pushed out the kernel that works with this QEMU
branch to my Linux kernel git tree:
git://git.secretlab.ca/git/linux-2.6 test-devicetree
Cheers,
g.
hw/qdev.c | 2 +-
hw/sysbus.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/qdev.c b/hw/qdev.c
index caa5b35..36582ec 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -868,7 +868,7 @@ static int qdev_fdt_add_device(void *fdt, DeviceState *dev, int bus_offset)
{
BusState *child;
int dev_offset, rc;
- char name[sizeof(dev->info->name) + 9];
+ char name[sizeof(dev->info->name) + 20];
static int unique = 0;
sprintf(name, "%s@%x", dev->info->name, unique++);
diff --git a/hw/sysbus.c b/hw/sysbus.c
index c63deef..c17d12d 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -230,7 +230,7 @@ static int sysbus_fdt_populate_node(DeviceState *dev, void *fdt, int offset)
for (i = 0; i < s->num_mmio; i++) {
/* By convention, the name is appended with '@<first reg addr>' */
if (i == 0) {
- char n[sizeof(dev->info->name) + 10];
+ char n[sizeof(dev->info->name) + 20];
sprintf(n, "%s@%x", dev->info->name, (uint32_t)s->mmio[i].addr);
rc = fdt_set_name(fdt, offset, n);
if (rc < 0)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Qemu-devel] [RFC PATCH] devicetree: Fix buffer overflow on setting device node name
@ 2010-04-08 1:51 ` Grant Likely
0 siblings, 0 replies; 4+ messages in thread
From: Grant Likely @ 2010-04-08 1:51 UTC (permalink / raw)
To: qemu-devel, devicetree-discuss, jeremy.kerr
Fix bug where temporary buffer for sprintf() was not large enough
when setting a device tree node name.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
---
Hi Jeremy. Here's the fix I promised. With this change your current tree
works beautifully. I've pushed out the kernel that works with this QEMU
branch to my Linux kernel git tree:
git://git.secretlab.ca/git/linux-2.6 test-devicetree
Cheers,
g.
hw/qdev.c | 2 +-
hw/sysbus.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/qdev.c b/hw/qdev.c
index caa5b35..36582ec 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -868,7 +868,7 @@ static int qdev_fdt_add_device(void *fdt, DeviceState *dev, int bus_offset)
{
BusState *child;
int dev_offset, rc;
- char name[sizeof(dev->info->name) + 9];
+ char name[sizeof(dev->info->name) + 20];
static int unique = 0;
sprintf(name, "%s@%x", dev->info->name, unique++);
diff --git a/hw/sysbus.c b/hw/sysbus.c
index c63deef..c17d12d 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -230,7 +230,7 @@ static int sysbus_fdt_populate_node(DeviceState *dev, void *fdt, int offset)
for (i = 0; i < s->num_mmio; i++) {
/* By convention, the name is appended with '@<first reg addr>' */
if (i == 0) {
- char n[sizeof(dev->info->name) + 10];
+ char n[sizeof(dev->info->name) + 20];
sprintf(n, "%s@%x", dev->info->name, (uint32_t)s->mmio[i].addr);
rc = fdt_set_name(fdt, offset, n);
if (rc < 0)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH] devicetree: Fix buffer overflow on setting device node name
2010-04-08 1:51 ` [Qemu-devel] " Grant Likely
@ 2010-04-08 3:48 ` Jeremy Kerr
-1 siblings, 0 replies; 4+ messages in thread
From: Jeremy Kerr @ 2010-04-08 3:48 UTC (permalink / raw)
To: Grant Likely
Cc: devicetree-discuss-uLR06cmDAlY/bJ5BZ2RsiQ,
qemu-devel-qX2TKyscuCcdnm+yROfE0A
Hi Grant,
Thanks, this fixes the overflow for me too. Have applied to my tree and pushed
out.
If anyone else would like to check out out the patches, my tree is at:
http://kernel.ubuntu.com/git?p=jk/dt/qemu.git;a=summary
git://kernel.ubuntu.com/jk/dt/qemu.git
Cheers,
Jeremy
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-04-08 3:48 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-04-08 1:51 [RFC PATCH] devicetree: Fix buffer overflow on setting device node name Grant Likely
2010-04-08 1:51 ` [Qemu-devel] " Grant Likely
2010-04-08 3:48 ` Jeremy Kerr
2010-04-08 3:48 ` [Qemu-devel] " Jeremy Kerr
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.