[04/22] scsi: fusion: fix string overflow warning

Message ID	20170714120720.906842-5-arnd@arndb.de (mailing list archive)
State	Superseded, archived
Headers	show Return-Path: <linux-scsi-owner@kernel.org> From: Arnd Bergmann <arnd@arndb.de> To: linux-kernel@vger.kernel.org, Sathya Prakash <sathya.prakash@broadcom.com>, Chaitra P B <chaitra.basappa@broadcom.com>, Suganath Prabu Subramani <suganath-prabu.subramani@broadcom.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Linus Torvalds <torvalds@linux-foundation.org>, Guenter Roeck <linux@roeck-us.net>, akpm@linux-foundation.org, netdev@vger.kernel.org, "David S . Miller" <davem@davemloft.net>, "James E . J . Bottomley" <jejb@linux.vnet.ibm.com>, "Martin K . Petersen" <martin.petersen@oracle.com>, linux-scsi@vger.kernel.org, x86@kernel.org, Arnd Bergmann <arnd@arndb.de>, Helge Deller <deller@gmx.de>, MPT-FusionLinux.pdl@broadcom.com Subject: [PATCH 04/22] scsi: fusion: fix string overflow warning Date: Fri, 14 Jul 2017 14:06:56 +0200 Message-Id: <20170714120720.906842-5-arnd@arndb.de> In-Reply-To: <20170714120720.906842-1-arnd@arndb.de> References: <20170714120720.906842-1-arnd@arndb.de> Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk

Message ID

20170714120720.906842-5-arnd@arndb.de (mailing list archive)

State

Superseded, archived

Headers

From: Arnd Bergmann <arnd@arndb.de>
To: linux-kernel@vger.kernel.org,
	Sathya Prakash <sathya.prakash@broadcom.com>,
	Chaitra P B <chaitra.basappa@broadcom.com>, Suganath Prabu Subramani 
	<suganath-prabu.subramani@broadcom.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Guenter Roeck <linux@roeck-us.net>, akpm@linux-foundation.org,
	netdev@vger.kernel.org, "David S . Miller" <davem@davemloft.net>,
	"James E . J . Bottomley" <jejb@linux.vnet.ibm.com>,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	linux-scsi@vger.kernel.org, x86@kernel.org,
	Arnd Bergmann <arnd@arndb.de>, Helge Deller <deller@gmx.de>,
	MPT-FusionLinux.pdl@broadcom.com
Subject: [PATCH 04/22] scsi: fusion: fix string overflow warning
Date: Fri, 14 Jul 2017 14:06:56 +0200
Message-Id: <20170714120720.906842-5-arnd@arndb.de>
In-Reply-To: <20170714120720.906842-1-arnd@arndb.de>
References: <20170714120720.906842-1-arnd@arndb.de>
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk

Commit Message

Arnd Bergmann July 14, 2017, 12:06 p.m. UTC

gcc points out a theorerical string overflow:

drivers/message/fusion/mptbase.c: In function 'mpt_detach':
drivers/message/fusion/mptbase.c:2103:17: error: '%s' directive writing up to 31 bytes into a region of size 28 [-Werror=format-overflow=]
sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
               ^~~~~
drivers/message/fusion/mptbase.c:2103:2: note: 'sprintf' output between 13 and 44 bytes into a destination of size 32

We can simply double the size of the local buffer here to be on the
safe side.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/message/fusion/mptbase.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Laight July 17, 2017, 9:17 a.m. UTC | #1

From: Arnd Bergmann
> Sent: 14 July 2017 13:07
> gcc points out a theorerical string overflow:
> 
> drivers/message/fusion/mptbase.c: In function 'mpt_detach':
> drivers/message/fusion/mptbase.c:2103:17: error: '%s' directive writing up to 31 bytes into a region
> of size 28 [-Werror=format-overflow=]
> sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
>                ^~~~~
> drivers/message/fusion/mptbase.c:2103:2: note: 'sprintf' output between 13 and 44 bytes into a
> destination of size 32
> 
> We can simply double the size of the local buffer here to be on the
> safe side.

I think I'd change it to snprintf() as well.
Saves any worries if ioc->name isn't '\0' terminated.

	David

Arnd Bergmann July 17, 2017, noon UTC | #2

On Mon, Jul 17, 2017 at 11:17 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Arnd Bergmann
>> Sent: 14 July 2017 13:07
>> gcc points out a theorerical string overflow:
>>
>> drivers/message/fusion/mptbase.c: In function 'mpt_detach':
>> drivers/message/fusion/mptbase.c:2103:17: error: '%s' directive writing up to 31 bytes into a region
>> of size 28 [-Werror=format-overflow=]
>> sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
>>                ^~~~~
>> drivers/message/fusion/mptbase.c:2103:2: note: 'sprintf' output between 13 and 44 bytes into a
>> destination of size 32
>>
>> We can simply double the size of the local buffer here to be on the
>> safe side.
>
> I think I'd change it to snprintf() as well.
> Saves any worries if ioc->name isn't '\0' terminated.

Ok, fair enough, I'll send a new version right away.

      Arnd

diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
index 62cff5afc6bd..46b67a67edc8 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
@@ -2079,7 +2079,7 @@  void
 mpt_detach(struct pci_dev *pdev)
 {
 	MPT_ADAPTER 	*ioc = pci_get_drvdata(pdev);
-	char pname[32];
+	char pname[64];
 	u8 cb_idx;
 	unsigned long flags;
 	struct workqueue_struct *wq;

[04/22] scsi: fusion: fix string overflow warning

Commit Message

Comments

Patch