Re: CVE-2009-2584

From: Linus Torvalds
Date: Thu Nov 05 2009 - 12:48:37 EST

On Thu, 5 Nov 2009, Linus Torvalds wrote:
> {
> - unsigned long val;
> - char buf[80];
> + char buf[16];

On third thought, this was too aggressive.

Using "0x%16ul" as a format on 64-bit machines is reasonable, so 19 bytes
of buffer is not insane (with the terminating NUL). Of course, it never
used to accept hex numbers, so it's not like it would have worked before,
but the point is that I cut down the buffer unnecessarily strictly.

Can anybody see anything else wrong in that suggested fix?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at