| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150604124332.GA20510@sudip-PC> Date: Thu, 4 Jun 2015 18:17:18 +0530 From: Sudip Mukherjee <sudipm.mukherjee@...il.com> To: Dan Carpenter <dan.carpenter@...cle.com> Cc: Thomas Petazzoni <thomas.petazzoni@...e-electrons.com>, Noralf Trønnes <noralf@...nnes.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] staging: fbtft: fix out of bound access On Thu, Jun 04, 2015 at 03:36:31PM +0300, Dan Carpenter wrote: > On Thu, Jun 04, 2015 at 05:12:01PM +0530, Sudip Mukherjee wrote: > > size of str is 16, but in snprintf the size was mentioned as 128. > > > > Signed-off-by: Sudip Mukherjee <sudip@...torindia.org> > > --- <snip> > Good eye. How did you find this? :) not me. cppcheck. > > The good news is buf[j] is <= 0xFFFF so it won't actually overflow. Who > knows why it is zero padded 2 spaces... But use sizeof(str) instead of > 16. but my v2 will remove the use of msg and str. regards sudip > > regards, > dan carpenter > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists