lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Wed, 17 Feb 2016 18:27:34 +0200
From:	Tomas Winkler <tomas.winkler@...el.com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Alexander Usyskin <alexander.usyskin@...el.com>,
	linux-kernel@...r.kernel.org,
	Tomas Winkler <tomas.winkler@...el.com>,
	Joe Perches <joe@...ches.com>
Subject: [char-misc-next V3] mei: fix format string in debug prints

From: Alexander Usyskin <alexander.usyskin@...el.com>

buf_idx type was changed to size_t, and few places
missed out to change the print format from %ld to %zu.
Use also uz for buf.size which is also of size_t

Fixes:
commit 56988f22e097 ("mei: fix possible integer overflow issue")'

Signed-off-by: Alexander Usyskin <alexander.usyskin@...el.com>
Signed-off-by: Tomas Winkler <tomas.winkler@...el.com>
---
Cc: Joe Perches <joe@...ches.com>
V2: use %ud for size_t instead of %zd
V3: find few more instances and use %uz also buf.size

 drivers/misc/mei/amthif.c    | 2 +-
 drivers/misc/mei/client.c    | 2 +-
 drivers/misc/mei/interrupt.c | 6 +++---
 drivers/misc/mei/main.c      | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/misc/mei/amthif.c b/drivers/misc/mei/amthif.c
index 04525ada9eda..194360a5f782 100644
--- a/drivers/misc/mei/amthif.c
+++ b/drivers/misc/mei/amthif.c
@@ -160,7 +160,7 @@ int mei_amthif_read(struct mei_device *dev, struct file *file,
 		 * remove message from deletion list
 		 */
 
-	dev_dbg(dev->dev, "amthif cb->buf.size - %zd cb->buf_idx - %zd\n",
+	dev_dbg(dev->dev, "amthif cb->buf.size - %zu cb->buf_idx - %zu\n",
 		cb->buf.size, cb->buf_idx);
 
 	/* length is being truncated to PAGE_SIZE, however,
diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index a9cdb92b52d1..bab17e4197b6 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -1583,7 +1583,7 @@ int mei_cl_irq_write(struct mei_cl *cl, struct mei_cl_cb *cb,
 		return 0;
 	}
 
-	cl_dbg(dev, cl, "buf: size = %zd idx = %zd\n",
+	cl_dbg(dev, cl, "buf: size = %zu idx = %zu\n",
 			cb->buf.size, cb->buf_idx);
 
 	rets = mei_write_message(dev, &mei_hdr, buf->data + cb->buf_idx);
diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c
index 06b744a503a3..1e5cb1f704f8 100644
--- a/drivers/misc/mei/interrupt.c
+++ b/drivers/misc/mei/interrupt.c
@@ -128,7 +128,7 @@ int mei_cl_irq_read_msg(struct mei_cl *cl,
 	buf_sz = mei_hdr->length + cb->buf_idx;
 	/* catch for integer overflow */
 	if (buf_sz < cb->buf_idx) {
-		cl_err(dev, cl, "message is too big len %d idx %ld\n",
+		cl_err(dev, cl, "message is too big len %d idx %zu\n",
 		       mei_hdr->length, cb->buf_idx);
 
 		list_move_tail(&cb->list, &complete_list->list);
@@ -137,7 +137,7 @@ int mei_cl_irq_read_msg(struct mei_cl *cl,
 	}
 
 	if (cb->buf.size < buf_sz) {
-		cl_dbg(dev, cl, "message overflow. size %zd len %d idx %zd\n",
+		cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
 			cb->buf.size, mei_hdr->length, cb->buf_idx);
 		buffer = krealloc(cb->buf.data, buf_sz, GFP_KERNEL);
 
@@ -156,7 +156,7 @@ int mei_cl_irq_read_msg(struct mei_cl *cl,
 	cb->buf_idx += mei_hdr->length;
 
 	if (mei_hdr->msg_complete) {
-		cl_dbg(dev, cl, "completed read length = %lu\n", cb->buf_idx);
+		cl_dbg(dev, cl, "completed read length = %zu\n", cb->buf_idx);
 		list_move_tail(&cb->list, &complete_list->list);
 	} else {
 		pm_runtime_mark_last_busy(dev->dev);
diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
index 7e637eb46cb9..52635b063873 100644
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -221,7 +221,7 @@ copy_buffer:
 		goto free;
 	}
 
-	cl_dbg(dev, cl, "buf.size = %zd buf.idx = %zd offset = %lld\n",
+	cl_dbg(dev, cl, "buf.size = %zu buf.idx = %zu offset = %lld\n",
 	       cb->buf.size, cb->buf_idx, *offset);
 	if (*offset >= cb->buf_idx) {
 		rets = 0;
-- 
2.4.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ