From: Chen Gang <gang.chen@asianux.com>
To: Mike Frysinger <vapier@gentoo.org>,
anton.vorontsov@linaro.org, Richard Kuo <rkuo@codeaurora.org>,
jesper.nilsson@axis.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Miller <davem@davemloft.net>,
"uclinux-dist-devel@blackfin.uclinux.org"
<uclinux-dist-devel@blackfin.uclinux.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linux-Arch <linux-arch@vger.kernel.org>
Subject: [PATCH] arch: blackfin: kernel: memory overflow, 'namebuf' length need be more than 256
Date: Wed, 29 May 2013 18:07:02 +0800 [thread overview]
Message-ID: <51A5D346.4010007@asianux.com> (raw)
In-Reply-To: <51A5CDB4.9000204@asianux.com>
The 'name' length in decode_address() may be 255, after call d_path()
successfully.
So for decode_address(), the input 'buf' need be more than 256, or may
memory overflow.
For simply thinking of, use 'namebuf[512]' instead of 'namebuf[150]'
which will pass to decode_address() as input 'buf'.
Also better use macro instead of hard code number when processing
symbols work.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
arch/blackfin/kernel/trace.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/blackfin/kernel/trace.c b/arch/blackfin/kernel/trace.c
index c36efa0..4fecd3e 100644
--- a/arch/blackfin/kernel/trace.c
+++ b/arch/blackfin/kernel/trace.c
@@ -37,7 +37,7 @@ void decode_address(char *buf, unsigned long address)
const char *symname;
char *modname;
char *delim = ":";
- char namebuf[128];
+ char namebuf[KSYM_NAME_LEN];
#endif
buf += sprintf(buf, "<0x%08lx> ", address);
@@ -845,7 +845,7 @@ void dump_bfin_mem(struct pt_regs *fp)
void show_regs(struct pt_regs *fp)
{
- char buf[150];
+ char buf[512];
struct irqaction *action;
unsigned int i;
unsigned long flags = 0;
--
1.7.7.6
next prev parent reply other threads:[~2013-05-29 10:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-29 9:43 [PATCH] arch: blackfin: kernel: sprintf(), need avoid NUL for '%s' Chen Gang
2013-05-29 9:43 ` Chen Gang
2013-05-29 10:07 ` Chen Gang [this message]
2013-05-29 11:30 ` [PATCH] arch: blackfin: kernel: memory overflow, 'namebuf' length need be more than 256 Geert Uytterhoeven
2013-05-29 12:06 ` Chen Gang
2013-06-16 3:02 ` [PATCH] arch: blackfin: kernel: sprintf(), need avoid NUL for '%s' Mike Frysinger
2013-06-16 3:02 ` Mike Frysinger
2013-06-17 1:13 ` Chen Gang
2013-06-17 1:13 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51A5D346.4010007@asianux.com \
--to=gang.chen@asianux.com \
--cc=akpm@linux-foundation.org \
--cc=anton.vorontsov@linaro.org \
--cc=davem@davemloft.net \
--cc=jesper.nilsson@axis.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rkuo@codeaurora.org \
--cc=uclinux-dist-devel@blackfin.uclinux.org \
--cc=vapier@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox