Message ID | b7dd683f-3856-5760-a16b-43f21f706939@omp.ru |
---|---|
State | New |
Series | mmc: core: sd: use sysfs_emit() in #define sdio_info_attr() |

On 1/25/22 11:31 PM, Sergey Shtylyov wrote:

> sprintf() (still used in #define sdio_info_attr()) is vulnerable to the
> buffer overflow. Use the new-fangled sysfs_emit() instead.
>
> While at it, add spaces around the minus sign...
>
> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.
>
> Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
>
> ---
> This patch is against the 'next' branch of Ulf Hansson's 'mmc.git' repo.

Ignore this one, I've just sent v2...

MBR, Sergey

Index: mmc/drivers/mmc/core/sd.c =================================================================== --- mmc.orig/drivers/mmc/core/sd.c +++ mmc/drivers/mmc/core/sd.c @@ -735,9 +735,9 @@ static ssize_t info##num##_show(struct d \ if (num > card->num_info) \ return -ENODATA; \ - if (!card->info[num-1][0]) \ + if (!card->info[num - 1][0]) \ return 0; \ - return sprintf(buf, "%s\n", card->info[num-1]); \ + return sysfs_emit(buf, "%s\n", card->info[num - 1]); \ } \ static DEVICE_ATTR_RO(info##num)
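
Review bot: the changelog justifies the `return sysfs_emit(buf, "%s\n", card->info[num - 1]);` line by calling sprintf() "vulnerable to the buffer overflow", but it does not say whether card->info[num - 1] can ever exceed the PAGE_SIZE buffer that sysfs hands to a show() callback. sysfs_emit() caps the output at PAGE_SIZE and warns when buf is not page-aligned, so the conversion is sound as hardening; please state in the changelog what bounds the length of the info strings (or that nothing does), so maintainers can tell an actual overflow fix from a cleanup and decide whether a Fixes: or stable tag applies. The `num-1` to `num - 1` whitespace change in the `if (!card->info[num - 1][0])` line is unrelated to the sysfs_emit() conversion and would be easier to review and backport as a separate patch.
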
sprintf() (still used in #define sdio_info_attr()) is vulnerable to the
buffer overflow. Use the new-fangled sysfs_emit() instead.

While at it, add spaces around the minus sign...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>

---
This patch is against the 'next' branch of Ulf Hansson's 'mmc.git' repo.

 drivers/mmc/core/sd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)