Using an array of chars without trailing '\000' as a parameter in sprintf() function can cause segfault. The snprintf() function should be used instead. Signed-off-by: Lukasz Dorau <lukasz.dorau@xxxxxxxxx> --- super-intel.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/super-intel.c b/super-intel.c index af06660..696cff3 100644 --- a/super-intel.c +++ b/super-intel.c @@ -6015,7 +6015,7 @@ static int mark_failure(struct imsm_dev *dev, struct imsm_disk *disk, int idx) if (is_failed(disk) && (ord & IMSM_ORD_REBUILD)) return 0; - sprintf(buf, "%s:0", disk->serial); + snprintf(buf, MAX_RAID_SERIAL_LEN, "%s:0", disk->serial); if ((len = strlen(buf)) >= MAX_RAID_SERIAL_LEN) shift = len - MAX_RAID_SERIAL_LEN + 1; strncpy((char *)disk->serial, &buf[shift], MAX_RAID_SERIAL_LEN); -- To unsubscribe from this list: send the line "unsubscribe linux-raid" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
