On Wed, 2014-07-09 at 16:57 -0700, Greg Kroah-Hartman wrote: > On Sun, Jun 08, 2014 at 11:51:43PM +0100, Ben Hutchings wrote: > > snprintf() returns the number of bytes that could have been written > > (excluding the null), not the actual number of bytes written. Given a > > long enough subsystem or device name, these functions will advance > > beyond the end of the on-stack buffer in dev_vprintk_exit(), resulting > > in an information leak or stack corruption. I don't know whether such > > a long name is currently possible. > > > > In case snprintf() returns a value >= the buffer size, do not add > > structured logging information. Also WARN if this happens, so we can > > fix the driver or increase the buffer size. > > > > Signed-off-by: Ben Hutchings <b...@decadent.org.uk> > > --- > > v2: use dev_WARN() not dev_WARN_ON() > > This patch breaks the build in a huge way: > > drivers/base/core.c: In function ‘create_syslog_header’: > drivers/base/core.c:2049:16: error: expected ‘)’ before numeric constant > dev_WARN(dev, 1, "device/subsystem name too long"); > ^ > > is the start of it, it goes on for a page or so after that :(
Sorry about that, I must not have committed the working version before mailing it. If you delete the '1, ' it should work. If you've already deleted the patch, I'll check and send the working version. Ben. -- Ben Hutchings To err is human; to really foul things up requires a computer.
signature.asc
Description: This is a digitally signed message part
