Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] master from torvalds:master #1

Merged
merged 23 commits into from
Nov 14, 2018
Merged
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
5841734
scsi: target/core: Avoid that a kernel oops is triggered when COMPARE…
bvanassche Nov 6, 2018
f8f4adc
scsi: myrb: fix sprintf buffer overflow warning
arndb Nov 2, 2018
f8d2943
scsi: lpfc: fix remoteport access
arndb Nov 2, 2018
77409c4
scsi: myrs: avoid stack overflow warning
arndb Nov 2, 2018
a3ecf48
scsi: myrs: only build on little-endian platforms
arndb Nov 2, 2018
e34ff8e
scsi: hisi_sas: Remove set but not used variable 'dq_list'
Oct 26, 2018
0d52e64
scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC
standby24x7 Oct 28, 2018
96edebd
scsi: NCR5380: Return false instead of NULL
Oct 24, 2018
86d4d06
parisc: Revert "Release spinlocks using ordered store"
danglin44 Nov 6, 2018
aca49ee
Revert "scsi: ufs: Disable blk-mq for now"
martinkpetersen Nov 6, 2018
f635e48
scsi: qla2xxx: Initialize port speed to avoid setting lower speed
Nov 6, 2018
fbb974b
rtc: cmos: Do not export alarm rtc_ops when we do not support alarms
jwrdegoede Sep 4, 2018
7ce9a99
rtc: hctosys: Add missing range error reporting
Nov 5, 2018
9bde0af
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
xulinsun Nov 6, 2018
1e9c75f
mnt: fix __detach_mounts infinite loop
bcodding-rh Oct 3, 2018
5df7a99
ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
Nov 8, 2018
0d76bcc
Revert "ACPI/PCI: Pay attention to device-specific _PXM node values"
bjorn-helgaas Nov 13, 2018
e2f8b47
Merge branch 'spectre' of git://git.armlinux.org.uk/~rmk/linux-arm
torvalds Nov 14, 2018
857c34c
Merge branch 'parisc-4.20-3' of git://git.kernel.org/pub/scm/linux/ke…
torvalds Nov 14, 2018
47e624c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel…
torvalds Nov 14, 2018
b7bbf99
Merge tag 'rtc-4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/g…
torvalds Nov 14, 2018
dbcec2e
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/g…
torvalds Nov 14, 2018
d41217a
Merge tag 'pci-v4.20-fixes-1' of git://git.kernel.org/pub/scm/linux/k…
torvalds Nov 14, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
scsi: myrb: fix sprintf buffer overflow warning
gcc warns that the 12 byte fw_version field might not be long enough to
contain the generated firmware name string:

drivers/scsi/myrb.c: In function 'myrb_get_hba_config':
drivers/scsi/myrb.c:1052:38: error: '%02d' directive writing between 2 and 3 bytes into a region of size between 2 and 5 [-Werror=format-overflow=]
  sprintf(cb->fw_version, "%d.%02d-%c-%02d",
                                      ^~~~
drivers/scsi/myrb.c:1052:26: note: directive argument in the range [0, 255]
  sprintf(cb->fw_version, "%d.%02d-%c-%02d",
                          ^~~~~~~~~~~~~~~~~
drivers/scsi/myrb.c:1052:2: note: 'sprintf' output between 10 and 14 bytes into a destination of size 12
  sprintf(cb->fw_version, "%d.%02d-%c-%02d",
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   enquiry2->fw.major_version,
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   enquiry2->fw.minor_version,
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   enquiry2->fw.firmware_type,
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   enquiry2->fw.turn_id);
   ~~~~~~~~~~~~~~~~~~~~~

I have not checked whether there are appropriate range checks before the
sprintf, but there is a range check after it that will bail out in case
of out of range version numbers. This means we can simply use snprintf()
instead of sprintf() to limit the output buffer size, and it will work
correctly.

Fixes: 081ff39 ("scsi: myrb: Add Mylex RAID controller (block interface)")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
  • Loading branch information
arndb authored and martinkpetersen committed Nov 6, 2018
commit f8f4adc1c1661686f492cf27817844a3d0517aff
3 changes: 2 additions & 1 deletion drivers/scsi/myrb.c
Original file line number Diff line number Diff line change
Expand Up @@ -1049,7 +1049,8 @@ static int myrb_get_hba_config(struct myrb_hba *cb)
enquiry2->fw.firmware_type = '0';
enquiry2->fw.turn_id = 0;
}
sprintf(cb->fw_version, "%d.%02d-%c-%02d",
snprintf(cb->fw_version, sizeof(cb->fw_version),
"%d.%02d-%c-%02d",
enquiry2->fw.major_version,
enquiry2->fw.minor_version,
enquiry2->fw.firmware_type,
Expand Down