diff options
| author | Aleksei Gimbitskii <aleksei.gimbitskii@intel.com> | 2019-04-23 14:04:10 +0200 |
|---|---|---|
| committer | Zhenyu Wang <zhenyuw@linux.intel.com> | 2019-04-25 09:34:59 +0200 |
| commit | 4feeea1d8d7713c5838d99c1fdfcc2e90c0f977d (patch) | |
| tree | d4770ea1f4facd77cb9d714788f0098f131958f1 /drivers/gpu | |
| parent | drm/i915/gvt: Do not copy the uninitialized pointer from fb_info (diff) | |
| download | linux-4feeea1d8d7713c5838d99c1fdfcc2e90c0f977d.tar.xz linux-4feeea1d8d7713c5838d99c1fdfcc2e90c0f977d.zip | |
drm/i915/gvt: Use snprintf() to prevent possible buffer overflow.
For printing the intel_vgpu->id, a buffer with fixed length is allocated
on the stack. But if vgpu->id is greater than 6 characters, the buffer
overflow will happen. Even the string of the amount of max vgpu is less
that the length buffer right now, it's better to replace sprintf() with
snprintf().
v2:
- Increase the size of the buffer. (Colin Xu)
This patch fixed the critical issue #673 reported by klocwork.
Signed-off-by: Aleksei Gimbitskii <aleksei.gimbitskii@intel.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Cc: Colin Xu <colin.xu@intel.com>
Reviewed-by: Colin Xu <colin.xu@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Diffstat (limited to 'drivers/gpu')
| -rw-r--r-- | drivers/gpu/drm/i915/gvt/debugfs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/gpu/drm/i915/gvt/debugfs.c b/drivers/gpu/drm/i915/gvt/debugfs.c index 2ec89bcb59f1..8a9606f91e68 100644 --- a/drivers/gpu/drm/i915/gvt/debugfs.c +++ b/drivers/gpu/drm/i915/gvt/debugfs.c @@ -196,9 +196,9 @@ DEFINE_SIMPLE_ATTRIBUTE(vgpu_scan_nonprivbb_fops, int intel_gvt_debugfs_add_vgpu(struct intel_vgpu *vgpu) { struct dentry *ent; - char name[10] = ""; + char name[16] = ""; - sprintf(name, "vgpu%d", vgpu->id); + snprintf(name, 16, "vgpu%d", vgpu->id); vgpu->debugfs = debugfs_create_dir(name, vgpu->gvt->debugfs_root); if (!vgpu->debugfs) return -ENOMEM; |