Re: [PATCH][next][V2] wlcore: Fix buffer overrun by snprintf due to incorrect buffer size

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Colin King <colin.king@xxxxxxxxxxxxx> wrote:

> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> 
> The size of the buffer than can be written to is currently incorrect, it is
> always the size of the entire buffer even though the snprintf is writing
> as position pos into the buffer. Fix this by setting the buffer size to be
> the number of bytes left in the buffer, namely sizeof(buf) - pos.
> 
> Addresses-Coverity: ("Out-of-bounds access")
> Fixes: 7b0e2c4f6be3 ("wlcore: fix overlapping snprintf arguments in debugfs")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>

Patch applied to wireless-drivers-next.git, thanks.

a9a4c080deb3 wlcore: Fix buffer overrun by snprintf due to incorrect buffer size

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20210419141405.180582-1-colin.king@xxxxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches




[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux