[1/1] mdadm/platform-intel: buffer overflow detected

Message ID 20240528084439.23705-1-xni@redhat.com (mailing list archive)
State Accepted

Commit Message

Xiao Ni May 28, 2024, 8:44 a.m. UTC
mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme2n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)

It doesn't happen 100% and it depends on the building environment.
It can be fixed by replacing sprintf with snprintf.

Fixes: d835518b6b53 ('imsm: nvme multipath support')
Reported-by: Guang Wu <guazhang@redhat.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
---
 platform-intel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Mariusz Tkaczyk May 28, 2024, 3:16 p.m. UTC | #1
On Tue, 28 May 2024 16:44:39 +0800
Xiao Ni <xni@redhat.com> wrote:

> mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme2n1
> *** buffer overflow detected ***: terminated
> Aborted (core dumped)
> 
> It doesn't happen 100% and it depends on the building environment.
> It can be fixed by replacing sprintf with snprintf.
> 
> Fixes: d835518b6b53 ('imsm: nvme multipath support')
> Reported-by: Guang Wu <guazhang@redhat.com>
> Signed-off-by: Xiao Ni <xni@redhat.com>
> ---

Applied! 

Thanks,
Mariusz

Patch

diff --git a/platform-intel.c b/platform-intel.c
index 15a9fa5ac160..d6a535335ad1 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -907,14 +907,14 @@  char *get_nvme_multipath_dev_hw_path(const char *dev_path)
 		return NULL;
 
 	for (ent = readdir(dir); ent; ent = readdir(dir)) {
-		char buf[strlen(dev_path) + strlen(ent->d_name) + 1];
+		char buf[PATH_MAX];
 
 		/* Check if dir is a controller, ignore namespaces*/
 		if (!(strncmp(ent->d_name, "nvme", 4) == 0) ||
 		    (strrchr(ent->d_name, 'n') != &ent->d_name[0]))
 			continue;
 
-		sprintf(buf, "%s/%s", dev_path, ent->d_name);
+		snprintf(buf, PATH_MAX, "%s/%s", dev_path, ent->d_name);
 		rp = realpath(buf, NULL);
 		break;
 	}
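
Review bot: the added snprintf(buf, PATH_MAX, ...) call ignores its return value, so a dev_path and d_name pair that does not fit is truncated silently and the shortened string still goes to realpath(buf, NULL), which can then fail or resolve an unintended path. Suggest checking the result and skipping the entry, for example: if (snprintf(buf, sizeof(buf), "%s/%s", dev_path, ent->d_name) >= (int)sizeof(buf)) continue; and using sizeof(buf) instead of repeating PATH_MAX so the bound follows the declaration. The commit message could also record the root cause visible in the removed lines: the old array was sized strlen(dev_path) + strlen(ent->d_name) + 1, which leaves no room for the '/' that the "%s/%s" format inserts, so sprintf wrote the terminating NUL one byte past the end of buf.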