On Thu, 2013-01-24 at 09:40 +0300, Dan Carpenter wrote: > We do a: > > sprintf(buf, " Last beacon: %ums ago", > elapsed_jiffies_msecs(bss->ts)); > > elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to > be 31 characters long. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/net/wireless/scan.c b/net/wireless/scan.c > index 01592d7..45f1618 100644 > --- a/net/wireless/scan.c > +++ b/net/wireless/scan.c > @@ -1358,7 +1358,7 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, > &iwe, IW_EV_UINT_LEN); > } > > - buf = kmalloc(30, GFP_ATOMIC); > + buf = kmalloc(31, GFP_ATOMIC); > if (buf) { > memset(&iwe, 0, sizeof(iwe)); > iwe.cmd = IWEVCUSTOM;

Looks good. Also, to be on the safe side, shouldn't snprintf be used when writing to buf as well? Same thing higher up where the same buf is used and alloc'ed 50 bytes...

--
Luca.
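
Review bot: the new size in "buf = kmalloc(31, GFP_ATOMIC);" is exact with no slack and is still a bare constant that has to be kept in step with the format string by hand. The count is 14 characters for " Last beacon: ", up to 10 digits for %u, 6 for "ms ago" and 1 for the terminating NUL, which gives 31, so any later change to the format string or the argument type brings the overflow back without a compiler warning. Suggest a short comment beside the kmalloc showing that arithmetic (or a named constant for the size), and a write bounded by the same size, such as snprintf with the allocation length, so the limit is enforced at the write and not only at the allocation.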