From patchwork Fri Nov 2 15:34:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 150056 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp2222793ljp; Fri, 2 Nov 2018 08:36:35 -0700 (PDT) X-Google-Smtp-Source: AJdET5f5nEq5RWPXBcbAWEgaSsSKUtu8easmefSDwlqru2y6Ag/BLdSgar8Zm9W/V9vDiBJQHa6o X-Received: by 2002:a62:7f8c:: with SMTP id a134-v6mr12559419pfd.22.1541172995391; Fri, 02 Nov 2018 08:36:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541172995; cv=none; d=google.com; s=arc-20160816; b=F86uBJPPm3nG/h9hrz/2DsXXwuTT+k5JhhUdqAh3NUk2QLM299Vb6+ryn8H/Z0jNN1 l0Jl7cs6EXYw6Khq7BKslmSGmz2TgQJErpf0vDUnlyQA1Bt8qhTshY5M1I9xpqHCekzE uo5ZSB95eeqXabPjzC7Umcept8KGNBSbyssGeyiZnNpz0qfKjG69sVmEsgmMf/ongNlA lTzSrJQLNZyfb1tZr6AihdcA6KWvPBfxOYFd8z+vxgIJMX4DG9zE4o5MireT/wnWMlUL LVsG5HAYI2t+07Bxt1HXY86vs7IJh6DaS+RLFtkFwD3GeSyatn1cq5/zsivGpatQTbRh Dijg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=00rmX9sftpgRde8K50B2FuyTLmMPnnm/MX5+eRX1DPo=; b=XZKfnEzmn1N3+sEiEqwMsm0nJoiIpAamxDSgTPu4RZUsQMG2ejPPfIuC5ymGcSn+hk TnRtYT31HVgGG1xzbwHyVQkql/m3mX27FRBqZ+2DwRk+WD7psVOiLEJwyhUtcSBQaQCY HAGEPAFeKiHgImxGAEJ6lkFCiiOpj13jbfbqFHtJwVU4aho3zLD7sAzBaANyKruF0ilm LPj8mbADvS+kw15jGaJGdQxnOp3ECj8uurblTirkabVlv/hdgOgCI7Kad2khteLOnqPK NfS21eHr9ZSIcUnNtYFdeQrFQnUlLpVGYP5LOsJ/U94zWQDFAJdrSeWQFnntViZ17b3R 3Tgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r26-v6si13475439pgb.372.2018.11.02.08.36.35; Fri, 02 Nov 2018 08:36:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728058AbeKCAoB (ORCPT + 32 others); Fri, 2 Nov 2018 20:44:01 -0400 Received: from mout.kundenserver.de ([217.72.192.75]:47531 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726049AbeKCAoB (ORCPT ); Fri, 2 Nov 2018 20:44:01 -0400 Received: from wuerfel.lan ([109.192.41.194]) by mrelayeu.kundenserver.de (mreue106 [212.227.15.145]) with ESMTPA (Nemesis) id 1MGyl3-1gNoGW1WqZ-00E57J; Fri, 02 Nov 2018 16:34:59 +0100 Received: from wuerfel.lan ([109.192.41.194]) by mrelayeu.kundenserver.de (mreue106 [212.227.15.145]) with ESMTPA (Nemesis) id 1MGyl3-1gNoGW1WqZ-00E57J; Fri, 02 Nov 2018 16:34:59 +0100 From: Arnd Bergmann To: Hannes Reinecke , "James E.J. Bottomley" , "Martin K. Petersen" Cc: Arnd Bergmann , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] scsi: myrb: fix sprintf buffer overflow warning Date: Fri, 2 Nov 2018 16:34:49 +0100 Message-Id: <20181102153458.1567593-1-arnd@arndb.de> X-Mailer: git-send-email 2.18.0 X-Provags-ID: V03:K1:jPqDSsZ4zPBvsadRKmf8ZBTp5DodxXKNbnxAhgbHmiSpOhpOyHd AofuR2qd4JZszfjrlTmA1QFNiwK3cjgCzkUcgdxSeHly5I0l7LPEOGR41U5ctK5Bs4qbzIS enUszkIrcPVIeXFlApXEreYMPI5nvUKzhlIp0JPUGQz6/RermkfUpNn6TGa+HFRTDkDpuFU EKU2JJnpT+4WM+L/YVMVQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V01:K0:XqwE8iibaJs=:KuVl98V21he6SWdbaa0cPC 4AYzXLSM4JtctKhwbNhoI8OfM2HTQRvtXKqKQEPIW5DO5dTMwCLdLQ28CV4FGrVmbGWvJHeL/ rAb+gNICSdicddEzL31/y8ZP2dG8YaGMWpZHHdG3idrOzhzUO/51dpHc4IK9l/Z2Y92CzY6kh ix6KEsPvaMEHwWqLDG5yF0unUoR20bGtJ3SvTg86S4rsLMnp4z/97yrji8sT08YpNnwJnabym xcscrgGd6m2kmGQ7vdFdf7fyLD9uFJORstEBE0HXo05QVBFQg2R7EnM/pYYdk6L6E3+Ta48JF MxqIdeJu4mnaJbd7F/DMDUZSHMp/tIxJJzFYEFJbYqe3eT13INoED+8vwePXRzOKQBGkAWXfW 62Bjg+IS9Lm+8fFYyo31vprkva25aafDPHTNAa5UdtiZ/+OFYbSRYepLt3FbMoQqRVyqqOXvJ yhlc1clyEsepmofcTuDt0OGogI2oytZNF3I7aic5kt9GcGhzXQEV/NHUHa9AUNsh9wrKBa26F 6dAc9cDXgpvcXtnwsb3TyLu202J697nHHB8IP2MAdTdaUMQpuMhkgE/Jyv52SizrlPPT0CHcH wHTffH6VAx84ckceyx22eLmVOBe/TYtGxdOPsGdsKwgccUiqc1s88AzPrpD3UfQq+7bpzTKXR 9MNlWzDsGhAtDIHMlGVGRBO7IQWo5inkG+AygXtjmuEPzZE82yVSaL9Nc28CNh3H2aYU= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gcc warns that the 12 byte fw_version field might not be long enough to contain the generated firmware name string: drivers/scsi/myrb.c: In function 'myrb_get_hba_config': drivers/scsi/myrb.c:1052:38: error: '%02d' directive writing between 2 and 3 bytes into a region of size between 2 and 5 [-Werror=format-overflow=] sprintf(cb->fw_version, "%d.%02d-%c-%02d", ^~~~ drivers/scsi/myrb.c:1052:26: note: directive argument in the range [0, 255] sprintf(cb->fw_version, "%d.%02d-%c-%02d", ^~~~~~~~~~~~~~~~~ drivers/scsi/myrb.c:1052:2: note: 'sprintf' output between 10 and 14 bytes into a destination of size 12 sprintf(cb->fw_version, "%d.%02d-%c-%02d", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ enquiry2->fw.major_version, ~~~~~~~~~~~~~~~~~~~~~~~~~~~ enquiry2->fw.minor_version, ~~~~~~~~~~~~~~~~~~~~~~~~~~~ enquiry2->fw.firmware_type, ~~~~~~~~~~~~~~~~~~~~~~~~~~~ enquiry2->fw.turn_id); ~~~~~~~~~~~~~~~~~~~~~ I have not checked whether there are appropriate range checks before the sprintf, but there is a range check after it that will bail out in case of out of range version numbers. This means we can simply use snprintf() instead of sprintf() to limit the output buffer size, and it will work correctly. Fixes: 081ff398c56c ("scsi: myrb: Add Mylex RAID controller (block interface)") Signed-off-by: Arnd Bergmann --- drivers/scsi/myrb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.18.0 diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c index aeb282f617c5..0642f2d0a3bb 100644 --- a/drivers/scsi/myrb.c +++ b/drivers/scsi/myrb.c @@ -1049,7 +1049,8 @@ static int myrb_get_hba_config(struct myrb_hba *cb) enquiry2->fw.firmware_type = '0'; enquiry2->fw.turn_id = 0; } - sprintf(cb->fw_version, "%d.%02d-%c-%02d", + snprintf(cb->fw_version, sizeof(cb->fw_version), + "%d.%02d-%c-%02d", enquiry2->fw.major_version, enquiry2->fw.minor_version, enquiry2->fw.firmware_type,