sprintf() (still used in #define MMC_DEV_ATTR()) is vulnerable to the
buffer overflow. Use the new-fangled sysfs_emit() instead.
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Signed-off-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
---
This patch is against the 'next' branch of Ulf Hansson's 'mmc.git' repo.
drivers/mmc/core/bus.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: mmc/drivers/mmc/core/bus.h
===================================================================
--- mmc.orig/drivers/mmc/core/bus.h
+++ mmc/drivers/mmc/core/bus.h
@@ -9,6 +9,7 @@
#define _MMC_CORE_BUS_H
#include <linux/device.h>
+#include <linux/sysfs.h>
struct mmc_host;
struct mmc_card;
@@ -17,7 +18,7 @@ struct mmc_card;
static ssize_t mmc_##name##_show (struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct mmc_card *card = mmc_dev_to_card(dev); \
- return sprintf(buf, fmt, args); \
+ return sysfs_emit(buf, fmt, args); \
} \
static DEVICE_ATTR(name, S_IRUGO, mmc_##name##_show, NULL)
