Re: [PATCH 13/22] liquidio: fix possible eeprom format string overflow
From: Burla, Satananda
Date: Fri Jul 14 2017 - 18:40:45 EST
The 07/14/2017 09:04, David Miller wrote:
> From: Arnd Bergmann <arnd@xxxxxxxx>
> Date: Fri, 14 Jul 2017 14:07:05 +0200
>
> > gcc reports that the temporary buffer for computing the
> > string length may be too small here:
> >
> > drivers/net/ethernet/cavium/liquidio/lio_ethtool.c: In function
> 'lio_get_eeprom_len':
> > /drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:345:21: error: 'sprintf'
> may write a terminating nul past the end of the destination [-Werror=
> format-overflow=]
> > len = sprintf(buf, "boardname:%s serialnum:%s maj:%lld min:%lld\n",
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:345:6: note: 'sprintf'
> output between 35 and 167 bytes into a destination of size 128
> > len = sprintf(buf, "boardname:%s serialnum:%s maj:%lld min:%lld\n",
> >
> > This extends it to 192 bytes, which is certainly enough. As far
> > as I could tell, there are no other constraints that require a specific
> > maximum size.
> >
> > Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
>
> Applied.
I had raised a bug for this earlier and attached a patch as well.
http://cabugzilla1.caveonetworks.com/octeon_bugzilla/show_bug.cgi?id=26421
--
Regards
Satanand