On 6/25/18, 8:31 PM, "Bart Van Assche" <bart.vanassche@xxxxxxx> wrote: >External Email > >On 06/25/18 05:32, Nilesh Javali wrote: >> This patch fixes the static checker warning, >> >> drivers/scsi/qedi/qedi_main.c:891 qedi_get_boot_tgt_info() >> error: snprintf() is printing too much 256 vs 255 > >Which static checker produced this warning? > >> Signed-off-by: Nilesh Javali <nilesh.javali@xxxxxxxxxx> >> --- >> drivers/scsi/qedi/qedi_main.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/scsi/qedi/qedi_main.c >>b/drivers/scsi/qedi/qedi_main.c >> index cf274a7..85491da 100644 >> --- a/drivers/scsi/qedi/qedi_main.c >> +++ b/drivers/scsi/qedi/qedi_main.c >> @@ -888,8 +888,8 @@ static void qedi_get_boot_tgt_info(struct >>nvm_iscsi_block *block, >> ipv6_en = !!(block->generic.ctrl_flags & >> NVM_ISCSI_CFG_GEN_IPV6_ENABLED); >> >> - snprintf(tgt->iscsi_name, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, >>"%s\n", >> - block->target[index].target_name.byte); >> + sprintf(tgt->iscsi_name, "%.*s\n", >>NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, >> + block->target[index].target_name.byte); >> >> tgt->ipv6_en = ipv6_en; > >Since sizeof(tgt->iscsi_name) == 255, since >NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN == 256 and since >sizeof(block->target[index].target_name.byte) == 256, I think you are >making a potential buffer overflow worse instead of just suppressing a >static checker warning. > >Bart. I will send another patch set fixing the sizeof target name (tgt->iscsi_name) along with the above fix. Thanks for the review. Thanks, Nilesh
