| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2016 01:02:21 +0200
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org,
"Alexander Usyskin" <alexander.usyskin@...el.com>,
"Tomas Winkler" <tomas.winkler@...el.com>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>
Subject: [PATCH 3.16 034/217] mei: fix format string in debug prints
3.16.35-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usyskin@...el.com>
commit 35bf7692e765c2275bf93fe573f7ca868ab73453 upstream.
buf_idx type was changed to size_t, and few places
missed out to change the print format from %ld to %zu.
Use also uz for buf.size which is also of size_t
Fixes:
commit 56988f22e097 ("mei: fix possible integer overflow issue")'
Signed-off-by: Alexander Usyskin <alexander.usyskin@...el.com>
Signed-off-by: Tomas Winkler <tomas.winkler@...el.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
drivers/misc/mei/amthif.c | 2 +-
drivers/misc/mei/client.c | 2 +-
drivers/misc/mei/interrupt.c | 6 +++---
drivers/misc/mei/main.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/misc/mei/amthif.c
+++ b/drivers/misc/mei/amthif.c
@@ -234,7 +234,7 @@ int mei_amthif_read(struct mei_device *d
* remove message from deletion list
*/
- dev_dbg(&dev->pdev->dev, "amthif cb->response_buffer.size - %zd cb->buf_idx - %zd\n",
+ dev_dbg(&dev->pdev->dev, "amthif cb->response_buffer.size - %zu cb->buf_idx - %zu\n",
cb->response_buffer.size, cb->buf_idx);
/* length is being truncated to PAGE_SIZE, however,
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -849,7 +849,7 @@ int mei_cl_irq_write(struct mei_cl *cl,
return 0;
}
- cl_dbg(dev, cl, "buf: size = %zd idx = %zd\n",
+ cl_dbg(dev, cl, "buf: size = %zu idx = %zu\n",
cb->request_buffer.size, cb->buf_idx);
rets = mei_write_message(dev, &mei_hdr, buf->data + cb->buf_idx);
--- a/drivers/misc/mei/interrupt.c
+++ b/drivers/misc/mei/interrupt.c
@@ -121,7 +121,7 @@ static int mei_cl_irq_read_msg(struct me
buf_sz = mei_hdr->length + cb->buf_idx;
/* catch for integer overflow */
if (buf_sz < cb->buf_idx) {
- cl_err(dev, cl, "message is too big len %d idx %ld\n",
+ cl_err(dev, cl, "message is too big len %d idx %zu\n",
mei_hdr->length, cb->buf_idx);
list_del(&cb->list);
@@ -129,7 +129,7 @@ static int mei_cl_irq_read_msg(struct me
}
if (cb->response_buffer.size < buf_sz) {
- cl_dbg(dev, cl, "message overflow. size %zd len %d idx %zd\n",
+ cl_dbg(dev, cl, "message overflow. size %zu len %d idx %zu\n",
cb->response_buffer.size,
mei_hdr->length, cb->buf_idx);
buffer = krealloc(cb->response_buffer.data, buf_sz, GFP_KERNEL);
@@ -150,7 +150,7 @@ static int mei_cl_irq_read_msg(struct me
if (mei_hdr->msg_complete) {
cl->status = 0;
list_del(&cb->list);
- cl_dbg(dev, cl, "completed read length = %lu\n",
+ cl_dbg(dev, cl, "completed read length = %zu\n",
cb->buf_idx);
list_add_tail(&cb->list, &complete_list->list);
}
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -262,7 +262,7 @@ static ssize_t mei_read(struct file *fil
}
/* now copy the data to user space */
copy_buffer:
- dev_dbg(&dev->pdev->dev, "buf.size = %zd buf.idx = %zd\n",
+ dev_dbg(&dev->pdev->dev, "buf.size = %zu buf.idx = %zu\n",
cb->response_buffer.size, cb->buf_idx);
if (length == 0 || ubuf == NULL || *offset > cb->buf_idx) {
rets = -EMSGSIZE;
Powered by blists - more mailing lists