From: Eric Moore <eric.moore@lsil.com>
To: linux-scsi@vger.kernel.org
Cc: James.Bottomley@SteelEye.com
Subject: [PATCH] fusion - bug fix stack overflow in mptbase
Date: Wed, 26 Apr 2006 13:22:37 -0600 [thread overview]
Message-ID: <20060426192237.GA25964@lsil.com> (raw)
Bug fix for stack overflow in EventDescriptionStr, (a function
for debuging firmware events). We allocated 50 bytes on local stack
for buff[], however there are places in the code where we've attempted
copying in greater than 50 bytes into buff[].
Signed-off-by: Eric Moore <Eric.Moore@lsil.com>
diff -uarN b/drivers/message/fusion/mptbase.c a/drivers/message/fusion/mptbase.c
--- b/drivers/message/fusion/mptbase.c 2006-04-26 11:59:09.000000000 -0600
+++ a/drivers/message/fusion/mptbase.c 2006-04-25 09:25:18.000000000 -0600
@@ -5735,12 +5735,13 @@
return rc;
}
+# define EVENT_DESCR_STR_SZ 100
+
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
static void
EventDescriptionStr(u8 event, u32 evData0, char *evStr)
{
- char *ds;
- char buf[50];
+ char *ds = NULL;
switch(event) {
case MPI_EVENT_NONE:
@@ -5777,9 +5778,9 @@
if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LIP)
ds = "Loop State(LIP) Change";
else if (evData0 == MPI_EVENT_LOOP_STATE_CHANGE_LPE)
- ds = "Loop State(LPE) Change"; /* ??? */
+ ds = "Loop State(LPE) Change"; /* ??? */
else
- ds = "Loop State(LPB) Change"; /* ??? */
+ ds = "Loop State(LPB) Change"; /* ??? */
break;
case MPI_EVENT_LOGOUT:
ds = "Logout";
@@ -5845,22 +5846,28 @@
u8 ReasonCode = (u8)(evData0 >> 16);
switch (ReasonCode) {
case MPI_EVENT_SAS_DEV_STAT_RC_ADDED:
- sprintf(buf,"SAS Device Status Change: Added: id=%d", id);
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS Device Status Change: Added: id=%d", id);
break;
case MPI_EVENT_SAS_DEV_STAT_RC_NOT_RESPONDING:
- sprintf(buf,"SAS Device Status Change: Deleted: id=%d", id);
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS Device Status Change: Deleted: id=%d", id);
break;
case MPI_EVENT_SAS_DEV_STAT_RC_SMART_DATA:
- sprintf(buf,"SAS Device Status Change: SMART Data: id=%d", id);
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS Device Status Change: SMART Data: id=%d",
+ id);
break;
case MPI_EVENT_SAS_DEV_STAT_RC_NO_PERSIST_ADDED:
- sprintf(buf,"SAS Device Status Change: No Persistancy Added: id=%d", id);
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS Device Status Change: No Persistancy "
+ "Added: id=%d", id);
break;
default:
- sprintf(buf,"SAS Device Status Change: Unknown: id=%d", id);
- break;
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS Device Status Change: Unknown: id=%d", id);
+ break;
}
- ds = buf;
break;
}
case MPI_EVENT_ON_BUS_TIMER_EXPIRED:
@@ -5883,34 +5890,40 @@
MPI_EVENT_SAS_PLS_LR_CURRENT_SHIFT;
switch (LinkRates) {
case MPI_EVENT_SAS_PLS_LR_RATE_UNKNOWN:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Rate Unknown",PhyNumber);
break;
case MPI_EVENT_SAS_PLS_LR_RATE_PHY_DISABLED:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Phy Disabled",PhyNumber);
break;
case MPI_EVENT_SAS_PLS_LR_RATE_FAILED_SPEED_NEGOTIATION:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Failed Speed Nego",PhyNumber);
break;
case MPI_EVENT_SAS_PLS_LR_RATE_SATA_OOB_COMPLETE:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Sata OOB Completed",PhyNumber);
break;
case MPI_EVENT_SAS_PLS_LR_RATE_1_5:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Rate 1.5 Gbps",PhyNumber);
break;
case MPI_EVENT_SAS_PLS_LR_RATE_3_0:
- sprintf(buf,"SAS PHY Link Status: Phy=%d:"
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d:"
" Rate 3.0 Gpbs",PhyNumber);
break;
default:
- sprintf(buf,"SAS PHY Link Status: Phy=%d", PhyNumber);
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "SAS PHY Link Status: Phy=%d", PhyNumber);
break;
}
- ds = buf;
break;
}
case MPI_EVENT_SAS_DISCOVERY_ERROR:
@@ -5919,8 +5932,8 @@
case MPI_EVENT_IR_RESYNC_UPDATE:
{
u8 resync_complete = (u8)(evData0 >> 16);
- sprintf(buf,"IR Resync Update: Complete = %d:",resync_complete);
- ds = buf;
+ snprintf(evStr, EVENT_DESCR_STR_SZ,
+ "IR Resync Update: Complete = %d:",resync_complete);
break;
}
case MPI_EVENT_IR2:
@@ -5973,7 +5986,8 @@
ds = "Unknown";
break;
}
- strcpy(evStr,ds);
+ if (ds)
+ strncpy(evStr, ds, EVENT_DESCR_STR_SZ);
}
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
@@ -5995,7 +6009,7 @@
int ii;
int r = 0;
int handlers = 0;
- char evStr[100];
+ char evStr[EVENT_DESCR_STR_SZ];
u8 event;
/*
}
reply other threads:[~2006-04-26 19:24 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060426192237.GA25964@lsil.com \
--to=eric.moore@lsil.com \
--cc=James.Bottomley@SteelEye.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.