| Message ID | 20180508093104.27018-1-zajec5@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 361de091a4b97aa9081d304d742f80d486ab7125 |
| Delegated to: | Kalle Valo |
| Headers | show |
Rafał Miłecki <zajec5@gmail.com> writes: > From: Rafał Miłecki <rafal@milecki.pl> > > Used buffer wasn't big enough to hold whole strings. Example output of > this function is: > [ 0.180892] bcma: bus0: core 0x0800, irq: 2(S)* 3 4 5 6 D I > [ 0.180948] bcma: bus0: core 0x0812, irq: 2(S) 3* 4 5 6 D I > [ 0.180998] bcma: bus0: core 0x082d, irq: 2(S) 3 4* 5 6 D I > [ 0.181046] bcma: bus0: core 0x082c, irq: 2(S) 3 4 5 6 D I* > which means we need to store up to 24 chars. > > Fixes: 758f7e06063a8 ("bcma: Use bcma_debug and not pr_cont in MIPS driver") > Signed-off-by: Rafał Miłecki <rafal@milecki.pl> > Cc: stable@vger.kernel.org # v4.15+ I'll queue this for 4.17.
On Tue, 2018-05-08 at 11:31 +0200, Rafał Miłecki wrote: > From: Rafał Miłecki <rafal@milecki.pl> > > Used buffer wasn't big enough to hold whole strings. Example output of > this function is: > [ 0.180892] bcma: bus0: core 0x0800, irq: 2(S)* 3 4 5 6 D I > [ 0.180948] bcma: bus0: core 0x0812, irq: 2(S) 3* 4 5 6 D I > [ 0.180998] bcma: bus0: core 0x082d, irq: 2(S) 3 4* 5 6 D I > [ 0.181046] bcma: bus0: core 0x082c, irq: 2(S) 3 4 5 6 D I* > which means we need to store up to 24 chars. > > Fixes: 758f7e06063a8 ("bcma: Use bcma_debug and not pr_cont in MIPS driver") > Signed-off-by: Rafał Miłecki <rafal@milecki.pl> > Cc: stable@vger.kernel.org # v4.15+ Oops. Apologies for not counting properly. > --- > drivers/bcma/driver_mips.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bcma/driver_mips.c b/drivers/bcma/driver_mips.c > index f040aba48d50..27e9686b6d3a 100644 > --- a/drivers/bcma/driver_mips.c > +++ b/drivers/bcma/driver_mips.c > @@ -184,7 +184,7 @@ static void bcma_core_mips_print_irq(struct bcma_device *dev, unsigned int irq) > { > int i; > static const char *irq_name[] = {"2(S)", "3", "4", "5", "6", "D", "I"}; > - char interrupts[20]; > + char interrupts[25]; > char *ints = interrupts; > > for (i = 0; i < ARRAY_SIZE(irq_name); i++)
Rafał Miłecki wrote: > From: Rafał Miłecki <rafal@milecki.pl> > > Used buffer wasn't big enough to hold whole strings. Example output of > this function is: > [ 0.180892] bcma: bus0: core 0x0800, irq: 2(S)* 3 4 5 6 D I > [ 0.180948] bcma: bus0: core 0x0812, irq: 2(S) 3* 4 5 6 D I > [ 0.180998] bcma: bus0: core 0x082d, irq: 2(S) 3 4* 5 6 D I > [ 0.181046] bcma: bus0: core 0x082c, irq: 2(S) 3 4 5 6 D I* > which means we need to store up to 24 chars. > > Fixes: 758f7e06063a8 ("bcma: Use bcma_debug and not pr_cont in MIPS driver") > Signed-off-by: Rafał Miłecki <rafal@milecki.pl> > Cc: stable@vger.kernel.org # v4.15+ Patch applied to wireless-drivers.git, thanks. 361de091a4b9 bcma: fix buffer size caused crash in bcma_core_mips_print_irq()
diff --git a/drivers/bcma/driver_mips.c b/drivers/bcma/driver_mips.c index f040aba48d50..27e9686b6d3a 100644 --- a/drivers/bcma/driver_mips.c +++ b/drivers/bcma/driver_mips.c @@ -184,7 +184,7 @@ static void bcma_core_mips_print_irq(struct bcma_device *dev, unsigned int irq) { int i; static const char *irq_name[] = {"2(S)", "3", "4", "5", "6", "D", "I"}; - char interrupts[20]; + char interrupts[25]; char *ints = interrupts; for (i = 0; i < ARRAY_SIZE(irq_name); i++)