snprintf's return value is not bound by size value. (https://www.kernel.org/doc/htmldocs/kernel-api/API-snprintf.html) if printed value is larger than buffer size, it can overwrite null byte in out-of-bounds buffer. Signed-off-by: Insu Yun <wuninsu@xxxxxxxxx> --- drivers/firmware/efi/cper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c index d425374..77aa75f 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c @@ -267,7 +267,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg) "DIMM location: not present. DMI handle: 0x%.4x ", mem->mem_dev_handle); - msg[n] = '\0'; return n; } -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
