This is a note to let you know that I've just added the patch titled parisc: memory overflow, 'name' length is too short for using to the 3.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: parisc-memory-overflow-name-length-is-too-short-for-using.patch and it can be found in the queue-3.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 3f108de96ba449a8df3d7e3c053bf890fee2cb95 Mon Sep 17 00:00:00 2001 From: Chen Gang <gang.chen@xxxxxxxxxxx> Date: Mon, 27 May 2013 04:57:09 +0000 Subject: parisc: memory overflow, 'name' length is too short for using From: Chen Gang <gang.chen@xxxxxxxxxxx> commit 3f108de96ba449a8df3d7e3c053bf890fee2cb95 upstream. 'path.bc[i]' can be asigned by PCI_SLOT() which can '> 10', so sizeof(6 * "%u:" + "%u" + '\0') may be 21. Since 'name' length is 20, it may be memory overflow. And 'path.bc[i]' is 'unsigned char' for printing, we can be sure the max length of 'name' must be less than 28. So simplify thinking, we can use 28 instead of 20 directly, and do not think of whether 'patchc.bc[i]' can '> 100'. Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx> Signed-off-by: Helge Deller <deller@xxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/parisc/kernel/drivers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/parisc/kernel/drivers.c +++ b/arch/parisc/kernel/drivers.c @@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath); static void setup_bus_id(struct parisc_device *padev) { struct hardware_path path; - char name[20]; + char name[28]; char *output = name; int i; Patches currently in stable-queue which might be from gang.chen@xxxxxxxxxxx are queue-3.9/parisc-kernel-using-strlcpy-instead-of-strcpy.patch queue-3.9/parisc-memory-overflow-name-length-is-too-short-for-using.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html