Message ID | alpine.DEB.2.21.2104141521190.44318@angie.orcam.me.uk |
---|---|
State | Superseded |
Series | Bring the BusLogic host bus adapter driver up to Y2021 |
On 4/14/21 4:39 PM, Maciej W. Rozycki wrote: > Existing `blogic_msg' invocations do not appear to overrun its internal > buffer of a fixed length of 100, which would cause stack corruption, but > it's easy to miss with possible further updates and a fix is cheap in > performance terms, so limit the output produced into the buffer by using > `vsnprintf' rather than `vsprintf'. > > Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk> > --- > drivers/scsi/BusLogic.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > linux-buslogic-vsnprintf.diff > Index: linux-macro-ide/drivers/scsi/BusLogic.c > =================================================================== > --- linux-macro-ide.orig/drivers/scsi/BusLogic.c > +++ linux-macro-ide/drivers/scsi/BusLogic.c > @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle > int len = 0; > > va_start(args, adapter); > - len = vsprintf(buf, fmt, args); > + len = vsnprintf(buf, sizeof(buf), fmt, args); > va_end(args); > if (msglevel == BLOGIC_ANNOUNCE_LEVEL) { > static int msglines = 0; > As Maciej explained in other email that snprintf() does null-terminate the string, I think this change is fine. Acked-by: Khalid Aziz <khalid@gonehiking.org>
Index: linux-macro-ide/drivers/scsi/BusLogic.c =================================================================== --- linux-macro-ide.orig/drivers/scsi/BusLogic.c +++ linux-macro-ide/drivers/scsi/BusLogic.c @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle int len = 0; va_start(args, adapter); - len = vsprintf(buf, fmt, args); + len = vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); if (msglevel == BLOGIC_ANNOUNCE_LEVEL) { static int msglines = 0;
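Review bot: On the `+ len = vsnprintf(buf, sizeof(buf), fmt, args);` line, `len` can now be larger than what is actually stored in `buf`, because `vsnprintf` returns the length the full output would have had rather than the truncated length. The write itself is bounded, but any later use of `len` as a length or index into `buf` would go past the stored data once a message is truncated. Consider `len = vscnprintf(buf, sizeof(buf), fmt, args);`, which returns the number of characters actually written, or clamp `len` to `sizeof(buf) - 1` right after the call. Also note that `sizeof(buf)` is only the right bound while `buf` is an array declared in this function, as the fixed length of 100 in the commit message implies.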
Existing `blogic_msg' invocations do not appear to overrun its internal buffer of a fixed length of 100, which would cause stack corruption, but it's easy to miss with possible further updates and a fix is cheap in performance terms, so limit the output produced into the buffer by using `vsnprintf' rather than `vsprintf'.

Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>

---
drivers/scsi/BusLogic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

linux-buslogic-vsnprintf.diff