From: Chase Douglas on
The nsecs_str string is a local variable defined as:

char nsecs_str[5];

It is possible for the snprintf call to use a size value larger than the
size of the string. This should not cause a buffer overrun as it is
written now due to the maximum size of the string format. However, this
change makes it correct. By making the size correct we guard against
potential future changes that could actually cause a buffer overrun.

Cc: stable(a)kernel.org
Signed-off-by: Chase Douglas <chase.douglas(a)canonical.com>
---
kernel/trace/trace_functions_graph.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index 79f4bac..73d6bd1 100644
--- a/kernel/trace/trace_functions_graph.c
+++ b/kernel/trace/trace_functions_graph.c
@@ -641,7 +641,8 @@ trace_print_graph_duration(unsigned long long duration, struct trace_seq *s)

/* Print nsecs (we don't want to exceed 7 numbers) */
if (len < 7) {
- snprintf(nsecs_str, 8 - len, "%03lu", nsecs_rem);
+ snprintf(nsecs_str, min(sizeof(nsecs_str), 8 - len), "%03lu",
+ nsecs_rem);
ret = trace_seq_printf(s, ".%s", nsecs_str);
if (!ret)
return TRACE_TYPE_PARTIAL_LINE;
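Review bot: the two arguments to min() in the added snprintf line do not have the same type. sizeof(nsecs_str) is a size_t, while 8 - len takes its type from len, whose declaration is outside this hunk. The kernel's min() checks that both operands have the same type, so if len is a signed int this will produce a warning at build time. Using min_t(size_t, sizeof(nsecs_str), 8 - len) would state the intended type explicitly. Before converting to an unsigned type, confirm that len cannot be negative here: the enclosing if (len < 7) only bounds it from above, and a negative len would make 8 - len wrap to a very large size_t, although sizeof(nsecs_str) would still be the smaller operand in that case.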
--
1.7.0.4
