From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754153AbdGSM4r (ORCPT ); Wed, 19 Jul 2017 08:56:47 -0400 Received: from mout.kundenserver.de ([217.72.192.73]:56950 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754068AbdGSM4h (ORCPT ); Wed, 19 Jul 2017 08:56:37 -0400 From: Arnd Bergmann To: x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" Cc: linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 8/8] x86: intel-mid: fix a format string overflow warning Date: Wed, 19 Jul 2017 14:53:06 +0200 Message-Id: <20170719125310.2487451-9-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20170719125310.2487451-1-arnd@arndb.de> References: <20170719125310.2487451-1-arnd@arndb.de> X-Provags-ID: V03:K0:tTrM3O40I/e2eKw10vBef2suLNIkZ9H4BjJyaYPLVLLD6VHrhL7 kWy+nIGbbv6omJkE/FSn7F3GjQ0HKuEuonyzVkU564gDZcHehhjhf3kv1ybP1ddQpBvzDvK Gb40UxF0hH0aTfZymdQJH8xOWI9UlUw9CuiBlcOwQSyPgKON5qyM2wBOYJdv5QsxHlNDlRt HafZ4yk91cXgUTDVPJCMg== X-UI-Out-Filterresults: notjunk:1;V01:K0:U56bpg4Wphw=:RAkBnlLkmeO8xj0T6dH2U8 cVNRNXXwq3bMmPUwSKxZDlX+wYcmdxXRh7hgPjf26g5H3gpHXu8o6blJs01szGzNb0up9cEes dH2RB7fqZgSCKsf5+Gv4NSpBjx8NPlgPC4VFCs35HdZC3e4VVmcKeoTgm9ModrGSHyW59a7n4 HJ9O6uOEeiSmAAPqct0jKDKbEnQIyutOsSrkodYwqJ67yr62ghOXZEuxRTEN6zKmxXleEC5TY ZbuTmySh+0HGsD/VWjAl5gJF7NQGV7UZ4qSqlQ0SmsdYEpSDWIqM45pvKvXB0kj4Lv8tq+0CJ FgSP5byHI+mlGmrNR2R6FXbMlggxfoUtcQxQlGHz3QDg5XgRUxC85YMHEvu5F1bT8t2pUL/jZ zyan3Ay3g3VdpMUzwm7Rb2o8d77lswNlKfOdru/Fi+77Yg3Ydf+xf8U1NpGYKZN6ynZ1bbTtF 1vrGHU3T6bZbkVTLqjJ2rmDmexGu0Keqi2AgwJ679V3/xo90fsxJDj3QmO9rMHDqNdE5tO85a o4mkC2Wd5Guk+/HzG9t/MVDXuvA+s2Syewt7ifZuNCRrKb6O5kz2LO9yjfMTAb2Kp2OWZGsjM DR06d8vI34gJjNOZqOyq2h47KB8Sa7yP8dXu4ozhJ+5RsjaK5UK3gBWN66ZURX/wHIImQ7Z24 +AHH2UlTqXdFlEb/XGvArxjvB6rPGZrUCvOkD/Ck3WiXE/bbioIqOsFW8+GmwVFlv/XgdtB1P jLBbH8cqA3erWvGBHMgKVfmu1ilUuIkIw+6myQ== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We have space for exactly three characters for the index in "max7315_%d_base", but as gcc points out having more would cause an string overflow: arch/x86/platform/intel-mid/device_libs/platform_max7315.c: In function 'max7315_platform_data': arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:26: error: '%d' directive writing between 1 and 11 bytes into a region of size 9 [-Werror=format-overflow=] sprintf(base_pin_name, "max7315_%d_base", nr); ^~~~~~~~~~~~~~~~~ arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:26: note: directive argument in the range [-2147483647, 2147483647] arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:3: note: 'sprintf' output between 15 and 25 bytes into a destination of size 17 sprintf(base_pin_name, "max7315_%d_base", nr); This makes it use an snprintf() to truncate the string if that happened rather than overflowing the stack. In practice, this is safe, because there won't be a large number of max7315 devices in the systems, and both the format and the length are defined by the firmware interface. Signed-off-by: Arnd Bergmann --- Originally submitted on July 14, this is the same patch with slightly improved changelog. --- arch/x86/platform/intel-mid/device_libs/platform_max7315.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c index 6e075afa7877..58337b2bc682 100644 --- a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c +++ b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c @@ -38,8 +38,10 @@ static void __init *max7315_platform_data(void *info) */ strcpy(i2c_info->type, "max7315"); if (nr++) { - sprintf(base_pin_name, "max7315_%d_base", nr); - sprintf(intr_pin_name, "max7315_%d_int", nr); + snprintf(base_pin_name, sizeof(base_pin_name), + "max7315_%d_base", nr); + snprintf(intr_pin_name, sizeof(intr_pin_name), + "max7315_%d_int", nr); } else { strcpy(base_pin_name, "max7315_base"); strcpy(intr_pin_name, "max7315_int"); -- 2.9.0