On Wed, Feb 01, 2023 at 05:44:57AM +0300, Alexey V. Vissarionov wrote: > serial: samsung: fix buffer size for clk_name > > Although very unlikely, the 'clk_num' value may be as big as > 2**32 - 1 (uint32_max), so the buffer should have enough > space for storing "clk_uart_baud4294967295\0". > Also, the numbers in clk_name are expected to be unsigned. > > Found by ALT Linux Team (altlinux.org) and Linux Verification > Center (linuxtesting.org) using SVACE. > > Signed-off-by: Alexey V. Vissarionov <gremlin@xxxxxxxxxxxx> > Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup") > > --- > > On 2023-01-19 15:52:38 +0100, Greg Kroah-Hartman wrote: > > >> Fixes: 5f5a7a5578c58852 ("serial: samsung: switch to clkdev > >> based clock lookup") > > Please fix your scripts to use the proper number of SHA1 digits > > in a Fixes: line as the documentation asks for. > > Done. Also added the comment to the source regarding the buffer size. > > > diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c > index 0fce856434dafd80..2c701dc7c6a37191 100644 > --- a/drivers/tty/serial/samsung_tty.c > +++ b/drivers/tty/serial/samsung_tty.c > @@ -1407,7 +1407,7 @@ static void s3c24xx_serial_pm(struct uart_port *port, unsigned int level, > * > */ > > -#define MAX_CLK_NAME_LENGTH 15 > +#define MAX_CLK_NAME_LENGTH 24 /* "clk_uart_baud4294967295\0" */ > > static inline int s3c24xx_serial_getsource(struct uart_port *port) > { 
> @@ -1457,7 +1457,7 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport, > !(ourport->cfg->clk_sel & (1 << cnt))) > continue; > > - sprintf(clkname, "clk_uart_baud%d", cnt); > + sprintf(clkname, "clk_uart_baud%u", cnt); So you bump the size of the buffer and continue to use an "unsafe" call that could overflow the buffer? Is this a plan to submit a series of patches all "fixing" something based on the last change? :) As Krzysztof said, this whole thing is not needed at all. Please fix your tool to generate valid changes. thanks, greg k-h
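Review bot: In the first hunk, the new `MAX_CLK_NAME_LENGTH 24` is a hand-counted constant tied to the format string only by a comment, so the two can drift apart if the "clk_uart_baud" prefix ever changes. The count itself is right (13 characters of prefix, up to 10 digits, one NUL), but deriving it from the literal, for example `sizeof("clk_uart_baud") + 10`, would keep them in step. Separately, the context line in the second hunk uses `cnt` as a shift count in `(1 << cnt)`, which only makes sense for small values, so the commit message should say how `cnt` could ever reach the ten-digit range it sizes the buffer for.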
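Review bot: In the second hunk, the `sprintf(clkname, "clk_uart_baud%u", cnt)` call is still unbounded, so the write stays safe only as long as the hand-sized buffer and the format string agree. If the aim is to rule out an overflow, bound the write by the destination size, for example `snprintf(clkname, MAX_CLK_NAME_LENGTH, "clk_uart_baud%u", cnt)`, which holds regardless of the value of `cnt`. The declaration of `cnt` is not in the visible lines, so the switch from `%d` to `%u` should be checked against its actual type.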