kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   c911350cfd2bc939e01ecbc6e1df23246261fea6
  2.   patches.suse
  3.   md-raid0-fix-buffer-overflow-at-debug-print.patch
Blob History Raw
Coly Li 7a0a64 
From f68334a85ee9120678c06a8da4a1711be7be86a2 Mon Sep 17 00:00:00 2001
Coly Li 7a0a64 
From: Takashi Iwai <tiwai@suse.de>
Coly Li 7a0a64 
Date: Tue, 18 Feb 2020 09:22:08 +0100
Coly Li 7a0a64 
Subject: [PATCH] md/raid0: Fix buffer overflow at debug print
Coly Li 7a0a64 
Patch-mainline: Not yet, waiting for patch author posting upstream
Coly Li 7a0a64 
References: bsc#1164051
Coly Li 7a0a64
Coly Li 7a0a64 
The debug print text in dump_zones() is formatted via a loop of
Coly Li 7a0a64 
snprintf().  Since snprintf() returns the number of would-be-printed
Coly Li 7a0a64 
characters, not the actually output, the length calculation in the
Coly Li 7a0a64 
loop overflows the actual buffer size, which leads to a WARNING in
Coly Li 7a0a64 
vsnprintf().
Coly Li 7a0a64
Coly Li 7a0a64 
Replace snprintf() with scnprintf() to calculate properly with the
Coly Li 7a0a64 
actual output size.
Coly Li 7a0a64
Coly Li 7a0a64 
Cc: <stable@vger.kernel.org>
Coly Li 7a0a64 
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Coly Li 7a0a64 
Signed-off-by: Coly Li <colyli@suse.de>
Coly Li 7a0a64 
---
Coly Li 7a0a64 
 drivers/md/raid0.c | 2 +-
Coly Li 7a0a64 
 1 file changed, 1 insertion(+), 1 deletion(-)
Coly Li 7a0a64
Coly Li 7a0a64 
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
Coly Li 7a0a64 
index 322386ff5d22..3e16be05b98f 100644
Coly Li 7a0a64 
--- a/drivers/md/raid0.c
Coly Li 7a0a64 
+++ b/drivers/md/raid0.c
Coly Li 7a0a64 
@@ -63,7 +63,7 @@ static void dump_zones(struct mddev *mddev)
Coly Li 7a0a64 
 		int len = 0;
Coly Li 7a0a64
Coly Li 7a0a64 
 		for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
Coly Li 7a0a64 
-			len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
Coly Li 7a0a64 
+			len += scnprintf(line+len, 200-len, "%s%s", k?"/":"",
Coly Li 7a0a64 
 					bdevname(conf->devlist[j*raid_disks
Coly Li 7a0a64 
 							       + k]->bdev, b));
Coly Li 7a0a64 
 		pr_debug("md: zone%d=[%s]\n", j, line);
Coly Li 7a0a64 
--
Coly Li 7a0a64 
2.16.4
Coly Li 7a0a64
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.