Date: Thu, 4 Jun 2015 15:36:31 +0300
From: Dan Carpenter
To: Sudip Mukherjee
Cc: Thomas Petazzoni, Noralf Trønnes, Greg Kroah-Hartman, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] staging: fbtft: fix out of bound access
Message-ID: <20150604123631.GE28762@mwanda>
References: <1433418121-9434-1-git-send-email-sudipm.mukherjee@gmail.com>
In-Reply-To: <1433418121-9434-1-git-send-email-sudipm.mukherjee@gmail.com>

On Thu, Jun 04, 2015 at 05:12:01PM +0530, Sudip Mukherjee wrote:
> size of str is 16, but in snprintf the size was mentioned as 128.
>
> Signed-off-by: Sudip Mukherjee
> --- > drivers/staging/fbtft/fbtft-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c > index ce64521..0af84b5 100644 > --- a/drivers/staging/fbtft/fbtft-core.c > +++ b/drivers/staging/fbtft/fbtft-core.c 
> @@ -1096,7 +1096,7 @@ static int fbtft_init_display_dt(struct fbtft_par *par) > /* make debug message */ > msg[0] = '\0'; > for (j = 0; j < i; j++) { > - snprintf(str, 128, " %02X", buf[j]); > + snprintf(str, 16, " %02X", buf[j]);

Good eye. How did you find this?

The good news is buf[j] is <= 0xFFFF so it won't actually overflow. Who knows why it is zero padded 2 spaces...

But use sizeof(str) instead of 16.

regards,
dan carpenter
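
Review bot: the bound on the `+` line, `snprintf(str, 16, ...)`, is still a magic number that repeats the size of `str` stated in the commit message, so it can drift from the declaration again; `snprintf(str, sizeof(str), " %02X", buf[j]);` keeps the limit tied to the buffer, provided `str` is an array in this scope rather than a pointer, which the hunk does not show. Since `%X` formats an unsigned int, " %02X" produces at most nine characters plus the terminator, so neither the old nor the new bound lets this call write past 16 bytes; the changelog could say that the change corrects a wrong size argument rather than a reachable out-of-bounds write.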