The patch titled
vsnprintf() fix
has been added to the -mm tree. Its filename is
vsnprintf-fix.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: vsnprintf() fix
From: Andrew Morton <akpm@xxxxxxxx>
The recent vsnprintf() fix introduced an off-by-one, and it's now possible to
overrun the target buffer by one byte. This happens when someone is trying to
print into a too-short buffer (ie: rare).
Local variable `end' points at the buffer limit - make sure that we honour
that.
[jeremy@xxxxxxxx: make the `size==0' case work properly]
Signed-off-by: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
lib/vsprintf.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff -puN lib/vsprintf.c~vsnprintf-fix lib/vsprintf.c
--- a/lib/vsprintf.c~vsnprintf-fix
+++ a/lib/vsprintf.c
@@ -259,7 +259,9 @@ int vsnprintf(char *buf, size_t size, co
int len;
unsigned long long num;
int i, base;
- char *str, *end, c;
+ char *str; /* Where we're writing to */
+ char *end; /* First unwritable byte */
+ char c;
const char *s;
int flags; /* flags to number() */
@@ -489,7 +491,7 @@ int vsnprintf(char *buf, size_t size, co
if (str < end)
*str = '\0';
else
- *end = '\0';
+ end[-1] = '\0';
}
/* the trailing null byte doesn't count towards the total */
return str-buf;
_
Patches currently in -mm which might be from akpm@xxxxxxxx are
origin.patch
x86-do_irq-check-irq-number.patch
load_module-cleanup.patch
x86_64-oprofile-build-fix.patch
vsnprintf-fix.patch
disable-debugging-version-of-write_lock.patch
git-acpi.patch
git-acpi-fixup.patch
acpi_srat-needs-acpi.patch
acpi-asus-s3-resume-fix-fix.patch
sony_apci-resume.patch
git-agpgart.patch
kauditd_thread-warning-fix.patch
i2c-801-64bit-resource-fix.patch
git-geode-fixup.patch
git-gfs2.patch
git-gfs2-fixup.patch
gfs2-get_sb_dev-fix.patch
revert-ignore-makes-built-in-rules-variables.patch
revert-sparc-build-breakage.patch
git-klibc.patch
git-klibc-fixup.patch
git-hdrcleanup-vs-git-klibc-on-ia64.patch
git-hdrcleanup-vs-git-klibc-on-ia64-2.patch
git-libata-all.patch
sata-is-bust-on-s390.patch
forcedeth-typecast-cleanup.patch
drivers-net-ns83820c-add-paramter-to-disable-auto.patch
af_unix-datagram-getpeersec-fix.patch
git-pcmcia-fixup.patch
powerpc-kcofnig-warning-fix.patch
git-sas.patch
git-sas-sas_discover-build-fix.patch
serial-8250-sysrq-deadlock-fix.patch
serial-fix-uart_bug_txen-test.patch
revert-gregkh-pci-pci-test-that-drivers-properly-call-pci_set_master.patch
clear-abnormal-poweroff-flag-on-via-southbridges-fix-resume-fix.patch
git-scsi-misc.patch
git-scsi-misc-fixup.patch
areca-raid-linux-scsi-driver.patch
git-scsi-target-fixup.patch
pm-usb-hcds-use-pm_event_prethaw-fix.patch
git-supertrak-fixup.patch
bcm43xx-opencoded-locking-fix.patch
adix-tree-rcu-lockless-readside-update-tidy.patch
zoned-vm-counters-create-vmstatc-h-from-page_allocc-h-s390-fix.patch
zoned-vm-counters-create-vmstatc-h-from-page_allocc-h-fix.patch
zoned-vm-counters-basic-zvc-zoned-vm-counter-implementation-tidy.patch
zoned-vm-counters-basic-zvc-zoned-vm-counter-implementation-export-vm_stat.patch
zoned-vm-counters-convert-nr_mapped-to-per-zone-counter-fix.patch
zoned-vm-counters-remove-nr_file_mapped-from-scan-control-structure-fix.patch
zoned-vm-counters-conversion-of-nr_slab-to-per-zone-counter-fix.patch
zoned-vm-counters-conversion-of-nr_pagetables-to-per-zone-counter-fix.patch
zoned-vm-counters-conversion-of-nr_dirty-to-per-zone-counter-fix.patch
zoned-vm-counters-conversion-of-nr_writeback-to-per-zone-counter.patch
zoned-vm-counters-conversion-of-nr_writeback-to-per-zone-counter-fix.patch
zoned-vm-counters-conversion-of-nr_unstable-to-per-zone-counter-nfs-fix.patch
zoned-vm-counters-conversion-of-nr_unstable-to-per-zone-counter-fix.patch
zoned-vm-counters-conversion-of-nr_bounce-to-per-zone-counter.patch
zoned-vm-counters-conversion-of-nr_bounce-to-per-zone-counter-fix.patch
zoned-vm-counters-remove-read_page_state.patch
mm-tracking-shared-dirty-pages-checks.patch
mm-tracking-shared-dirty-pages-wimp.patch
slab-consolidate-code-to-free-slabs-from-freelist-fix.patch
acx1xx-wireless-driver.patch
tiacx-pci-build-fix.patch
tiacx-ia64-fix.patch
add-smp_setup_processor_id.patch
deprecate-smbfs-in-favour-of-cifs.patch
destroy-the-dentries-contributed-by-a-superblock-on-unmounting-fix.patch
cond_resched-fix.patch
reiserfs-on-demand-bitmap-loading-fix.patch
per-task-delay-accounting-proc-export-of-aggregated-block-i-o-delays-warning-fix.patch
delay-accounting-taskstats-interface-send-tgid-once-fixes.patch
sched-clean-up-fallout-of-recent-changes-fix.patch
swap_prefetch-vs-zoned-counters.patch
mark-address_space_operations-const-vs-ecryptfs-mmap-operations.patch
ecryptfs-alpha-build-fix.patch
ecryptfs-more-elegant-aes-key-size-manipulation-tidy.patch
ecryptfs-get_sb_dev-fix.patch
namespaces-add-nsproxy-dont-include-compileh.patch
namespaces-utsname-switch-to-using-uts-namespaces-alpha-fix.patch
namespaces-utsname-use-init_utsname-when-appropriate-cifs-update.patch
namespaces-utsname-implement-utsname-namespaces-export.patch
namespaces-utsname-implement-utsname-namespaces-dont-include-compileh.patch
namespaces-utsname-sysctl-hack-cleanup-2-fix.patch
ipc-namespace-core-fix.patch
task-watchers-task-watchers-tidy.patch
task-watchers-add-support-for-per-task-watchers-warning-fix.patch
readahead-sysctl-parameters-fix.patch
make-copy_from_user_inatomic-not-zero-the-tail-on-i386-vs-reiser4.patch
reiser4-hardirq-include-fix.patch
reiser4-run-truncate_inode_pages-in-reiser4_delete_inode.patch
reiser4-get_sb_dev-fix.patch
reiser4-vs-zoned-allocator.patch
hpt3xx-rework-rate-filtering-tidy.patch
genirq-rename-desc-handler-to-desc-chip-power-fix.patch
genirq-rename-desc-handler-to-desc-chip-ia64-fix.patch
genirq-rename-desc-handler-to-desc-chip-ia64-fix-2.patch
genirq-rename-desc-handler-to-desc-chip-terminate_irqs-fix.patch
genirq-ia64-build-fix.patch
lockdep-add-disable-enable_irq_lockdep-api-fix.patch
lockdep-irqtrace-subsystem-x86_64-support-fix.patch
srcu-rcu-variant-permitting-read-side-blocking-fixes.patch
srcu-add-srcu-operations-to-rcutorture-fix.patch
srcu-2-add-srcu-operations-to-rcutorture-fix.patch
ro-bind-mounts-elevate-write-count-during-entire-ncp_ioctl-tidy.patch
nr_blockdev_pages-in_interrupt-warning.patch
device-suspend-debug.patch
revert-tty-buffering-comment-out-debug-code.patch
slab-leaks3-default-y.patch
x86-kmap_atomic-debugging.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
