On 4/14/21 4:39 PM, Maciej W. Rozycki wrote: > Existing `blogic_msg' invocations do not appear to overrun its internal > buffer of a fixed length of 100, which would cause stack corruption, but > it's easy to miss with possible further updates and a fix is cheap in > performance terms, so limit the output produced into the buffer by using > `vsnprintf' rather than `vsprintf'. > > Signed-off-by: Maciej W. Rozycki <macro@xxxxxxxxxxx> > --- > drivers/scsi/BusLogic.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > linux-buslogic-vsnprintf.diff > Index: linux-macro-ide/drivers/scsi/BusLogic.c > =================================================================== > --- linux-macro-ide.orig/drivers/scsi/BusLogic.c > +++ linux-macro-ide/drivers/scsi/BusLogic.c > @@ -3588,7 +3588,7 @@ static void blogic_msg(enum blogic_msgle > int len = 0; > > va_start(args, adapter); > - len = vsprintf(buf, fmt, args); > + len = vsnprintf(buf, sizeof(buf), fmt, args); > va_end(args); > if (msglevel == BLOGIC_ANNOUNCE_LEVEL) { > static int msglines = 0; > As Maciej explained in other email that snprintf() does null-terminate the string, I think this change is fine. Acked-by: Khalid Aziz <khalid@xxxxxxxxxxxxxx>