From patchwork Mon Jul 17 12:00:00 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 107910
From: Arnd Bergmann
To: Sathya Prakash, Chaitra P B, Suganath Prabu Subramani
Cc: David Laight, Arnd Bergmann, "Martin K. Petersen", Bhaktipriya Shridhar, MPT-FusionLinux.pdl@broadcom.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] [v2] scsi: fusion: fix string overflow warning
Date: Mon, 17 Jul 2017 14:00:00 +0200
Message-Id: <20170717120017.1269276-1-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0
X-Mailing-List: linux-scsi@vger.kernel.org

gcc points out a theoretical string overflow:

drivers/message/fusion/mptbase.c: In function 'mpt_detach':
drivers/message/fusion/mptbase.c:2103:17: error: '%s' directive writing up to 31 bytes into a region of size 28 [-Werror=format-overflow=]
  sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
                 ^~~~~
drivers/message/fusion/mptbase.c:2103:2: note: 'sprintf' output between 13 and 44 bytes into a destination of size 32 We can simply double the size of the local buffer here to be on the safe side, and using snprintf() instead of sprintf() protects us if ioc->name was not terminated properly. Signed-off-by: Arnd Bergmann --- v2: also use snprintf --- drivers/message/fusion/mptbase.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.9.0 diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c index 62cff5afc6bd..84eab28665f3 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c @@ -2079,7 +2079,7 @@ void mpt_detach(struct pci_dev *pdev) { MPT_ADAPTER *ioc = pci_get_drvdata(pdev); - char pname[32]; + char pname[64]; u8 cb_idx; unsigned long flags; struct workqueue_struct *wq; @@ -2100,11 +2100,11 @@ mpt_detach(struct pci_dev *pdev) spin_unlock_irqrestore(&ioc->fw_event_lock, flags); destroy_workqueue(wq); - sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name); + snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name); remove_proc_entry(pname, NULL); - sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s/info", ioc->name); + snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/info", ioc->name); remove_proc_entry(pname, NULL); - sprintf(pname, MPT_PROCFS_MPTBASEDIR "/%s", ioc->name); + snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s", ioc->name); remove_proc_entry(pname, NULL); /* call per device driver remove entry point */
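Review bot: in the first hunk, `char pname[64];` swaps one bare constant for another, so the buffer size is still not tied to what gets formatted into it. The gcc note quoted in the commit message puts the worst case at 44 bytes, so 64 is sufficient today, but any later change to the size of ioc->name or to MPT_PROCFS_MPTBASEDIR means this number has to be revisited by hand. Consider deriving it from its parts, for example sizeof(MPT_PROCFS_MPTBASEDIR) + sizeof(ioc->name) + sizeof("/summary"), or at least adding a one-line comment that records the 44-byte bound.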
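Review bot: the three snprintf() calls in the second hunk discard the return value, so if the output were ever truncated, remove_proc_entry() would be handed a shortened path that names a different entry from the one intended. Comparing the return value against sizeof(pname) and skipping the removal with a warning when it is greater or equal would make that case visible instead of silent. Separately, the commit message relies on snprintf() for the case where ioc->name is not terminated, but sizeof(pname) only bounds the write into pname: a plain "%s" still reads ioc->name until it finds a NUL byte. Bounding the read as well needs a precision, e.g. "/%.*s/summary" with (int)sizeof(ioc->name) as the extra argument.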