From patchwork Wed Jul 19 12:53:06 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 108288
From: Arnd Bergmann
To: x86@kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin"
Cc: linux-kernel@vger.kernel.org, Arnd Bergmann
Subject: [PATCH 8/8] x86: intel-mid: fix a format string overflow warning
Date: Wed, 19 Jul 2017 14:53:06 +0200
Message-Id: <20170719125310.2487451-9-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20170719125310.2487451-1-arnd@arndb.de>
References: <20170719125310.2487451-1-arnd@arndb.de>

We have space for exactly three characters for the index in "max7315_%d_base", but as gcc points out, having more would cause a string overflow:

arch/x86/platform/intel-mid/device_libs/platform_max7315.c: In function 'max7315_platform_data':
arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:26: error: '%d' directive writing between
1 and 11 bytes into a region of size 9 [-Werror=format-overflow=] sprintf(base_pin_name, "max7315_%d_base", nr); ^~~~~~~~~~~~~~~~~ arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:26: note: directive argument in the range [-2147483647, 2147483647] arch/x86/platform/intel-mid/device_libs/platform_max7315.c:41:3: note: 'sprintf' output between 15 and 25 bytes into a destination of size 17 sprintf(base_pin_name, "max7315_%d_base", nr); This makes it use an snprintf() to truncate the string if that happened rather than overflowing the stack. In practice, this is safe, because there won't be a large number of max7315 devices in the systems, and both the format and the length are defined by the firmware interface. Signed-off-by: Arnd Bergmann --- Originally submitted on July 14, this is the same patch with slightly improved changelog. --- arch/x86/platform/intel-mid/device_libs/platform_max7315.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.9.0 diff --git a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c index 6e075afa7877..58337b2bc682 100644 --- a/arch/x86/platform/intel-mid/device_libs/platform_max7315.c +++ b/arch/x86/platform/intel-mid/device_libs/platform_max7315.c @@ -38,8 +38,10 @@ static void __init *max7315_platform_data(void *info) */ strcpy(i2c_info->type, "max7315"); if (nr++) { - sprintf(base_pin_name, "max7315_%d_base", nr); - sprintf(intr_pin_name, "max7315_%d_int", nr); + snprintf(base_pin_name, sizeof(base_pin_name), + "max7315_%d_base", nr); + snprintf(intr_pin_name, sizeof(intr_pin_name), + "max7315_%d_int", nr); } else { strcpy(base_pin_name, "max7315_base"); strcpy(intr_pin_name, "max7315_int");
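Review bot: both snprintf() calls in the `if (nr++)` branch discard their return value, so an index that does not fit is now silently cut short instead of being reported. A truncated base_pin_name or intr_pin_name is no longer the name the firmware interface defines, and nothing in the hunk tells the caller that happened. Consider comparing the result against the buffer size, for example `if (snprintf(base_pin_name, sizeof(base_pin_name), "max7315_%d_base", nr) >= sizeof(base_pin_name))`, and warning or bailing out in that case. Two smaller points: sizeof(base_pin_name) is only the right bound while these stay arrays (their declarations are outside the hunk; gcc's "destination of size 17" note suggests they are), and since gcc sees nr as a full-range signed int, a short comment stating the expected index range would document why three digits are enough.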