If you feed the tool a suitable bogus register map you can break it
in arbitary (code executing) ways. While this isn't a particularly
exciting or probable attack vector we still ought to fix it.
One of a set of sscanf issues reported by Jackie Chang
Signed-off-by: Alan Cox <alan at linux.intel.com>
---
drivers/gpu/drm/radeon/mkregtable.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/radeon/mkregtable.c
b/drivers/gpu/drm/radeon/mkregtable.c
index af85299..4a85bb6 100644
--- a/drivers/gpu/drm/radeon/mkregtable.c
+++ b/drivers/gpu/drm/radeon/mkregtable.c
@@ -655,7 +655,7 @@ static int parser_auth(struct table *t, const char
*filename)
/* first line will contain the last register
* and gpu name */
- sscanf(buf, "%s %s", gpu_name, last_reg_s);
+ sscanf(buf, "%9s %9s", gpu_name, last_reg_s);
t->gpu_prefix = gpu_name;
last_reg = strtol(last_reg_s, NULL, 16);
