From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexander Strakh
Subject: BUG printk with not null-terminated string in driver /drivers/acpi/osl.c
Date: Tue, 22 Dec 2009 18:46:02 +0000
Message-ID: <200912221846.02318.strakh@ispras.ru>
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
Received: from smtp.ispras.ru ([83.149.198.201]:53275 "EHLO smtp.ispras.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751141AbZLVOkx (ORCPT ); Tue, 22 Dec 2009 09:40:53 -0500
Sender: linux-acpi-owner@vger.kernel.org
List-Id: linux-acpi@vger.kernel.org
To: Matthew Wilcox, Paul Diefenbaugh, Andy Grover, Len Brown, linux-acpi@vger.kernel.org

In driver drivers/acpi/osl.c in function acpi_osi_setup:

1. If in line 555 *osi_additional_string == 0 then we go to line 1039.
2. In line 1039: if the length of str > OSI_STRING_LENGTH_MAX then
   osi_additional_string does not have 0 at the end.
3. In line 1040 printk is called with a not null-terminated string.

1026 int __init acpi_osi_setup(char *str)
1027 {
1028 	if (str == NULL || *str == '\0') {
1029 		printk(KERN_INFO PREFIX "_OSI method disabled\n");
1030 		acpi_gbl_create_osi_method = FALSE;
1031 	} else if (!strcmp("!Linux", str)) {
1032 		acpi_cmdline_osi_linux(0); /* !enable */
1033 	} else if (*str == '!') {
1034 		if (acpi_osi_invalidate(++str) == AE_OK)
1035 			printk(KERN_INFO PREFIX "Deleted _OSI(%s)\n", str);
1036 	} else if (!strcmp("Linux", str)) {
1037 		acpi_cmdline_osi_linux(1); /* enable */
1038 	} else if (*osi_additional_string == '\0') {
1039 		strncpy(osi_additional_string, str, OSI_STRING_LENGTH_MAX);
1040 		printk(KERN_INFO PREFIX "Added _OSI(%s)\n", str);
1041 	}
1042
1043 	return 1;
1044 }

Found by Linux Device Drivers Verification (Svace detector)

Add a terminating symbol to the string in all cases.

Signed-off-by: Alexander Strakh
---
diff --git a/./0000/drivers/acpi/osl.c b/./0001/drivers/acpi/osl.c index 02e8464..9c759f8 100644 --- a/./0000/drivers/acpi/osl.c +++ b/./0001/drivers/acpi/osl.c
@@ -1037,6 +1037,7 @@ int __init acpi_osi_setup(char *str) acpi_cmdline_osi_linux(1); /* enable */ } else if (*osi_additional_string == '\0') { strncpy(osi_additional_string, str, OSI_STRING_LENGTH_MAX); + osi_additional_string[OSI_STRING_LENGTH_MAX - 1] = 0; printk(KERN_INFO PREFIX "Added _OSI(%s)\n", str); }
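Review bot: The printk after the added line still prints str, not osi_additional_string, so once the copy is truncated the log reports the full command-line value while the buffer holds a shortened one. Consider printing osi_additional_string in "Added _OSI(%s)\n" so the message reflects what was actually stored, and note in the changelog that the unterminated buffer matters to whatever reads osi_additional_string later, since the printk argument visible here is str itself. The strncpy plus manual terminator pair could be a single strlcpy(osi_additional_string, str, OSI_STRING_LENGTH_MAX), which always terminates and avoids the index arithmetic. If the explicit store stays, write the terminator as '\0' to match the *osi_additional_string == '\0' test two lines above. The hunk does not show the declaration of osi_additional_string, so please confirm the buffer is at least OSI_STRING_LENGTH_MAX bytes, since the new index depends on that.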