* [PATCH] scsi: qla2xxx/qla_attr.c: fix undefined behavior in using snprintf
@ 2013-02-07 15:50 Cong Ding
From: Cong Ding @ 2013-02-07 15:50 UTC
To: Andrew Vasquez, linux-driver, James E.J. Bottomley, linux-scsi,
linux-kernel
Cc: Cong Ding

The original code
	snprintf(buf, PAGE_SIZE, "%s\n", buf);
uses buf as both source and destination string, which is undefined behavior
based on C11:
	If copying takes place between objects
	that overlap, the behavior is undefined.

Signed-off-by: Cong Ding <dinggnu@gmail.com>
---
drivers/scsi/qla2xxx/qla_attr.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
index 83d7984..ded7383 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -887,10 +887,16 @@ qla2x00_serial_num_show(struct device *dev, struct device_attribute *attr,
scsi_qla_host_t *vha = shost_priv(class_to_shost(dev));
struct qla_hw_data *ha = vha->hw;
uint32_t sn;
+ ssize_t bn;
if (IS_FWI2_CAPABLE(ha)) {
qla2xxx_get_vpd_field(vha, "SN", buf, PAGE_SIZE);
- return snprintf(buf, PAGE_SIZE, "%s\n", buf);
+ bn = strlen(buf);
+ if (bn < PAGE_SIZE - 1) {
+ buf[bn] = '\n';
+ buf[bn + 1] = '\0';
+ }
+ return bn + 1;
}
sn = ((ha->serial0 & 0x1f) << 16) | (ha->serial2 << 8) | ha->serial1;
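Review bot: `return bn + 1;` sits outside the `if (bn < PAGE_SIZE - 1)` block, so when that test fails no newline is stored but the returned length still counts one. A sysfs show callback's return value is taken as the number of bytes placed in buf, so in that case it points one byte past the string's terminator. Suggest advancing the length only when the newline is actually written, for example `buf[bn++] = '\n'; buf[bn] = '\0';` inside the branch followed by a plain `return bn;`. A short comment saying why snprintf() is not used here (source and destination would overlap) would also keep a later cleanup from reintroducing the original line.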
--
1.7.9.5