[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-edac
Subject:    Re: [PATCH] x86, mce: Fix stack out-of-bounds write in mce-inject.c:flags_read()
From:       Borislav Petkov <bp () alien8 ! de>
Date:       2018-04-27 16:59:39
Message-ID: 20180427165939.GG15229 () pd ! tnic
[Download RAW message or body]

On Fri, Apr 27, 2018 at 09:37:08AM -0700, Luck, Tony wrote:
> Each of the strings that we want to put into the buf[MAX_FLAG_OPT_SIZE]
> in flags_read() is two characters. But the sprintf() adds a trailing newline
> and will add a terminating NUL byte. So MAX_FLAG_OPT_SIZE needs to be 4.

... and I dumped the n here:

	n = sprintf(buf, "%s\n", flags_options[inj_type])

and it was 3 but sprintf() calls vsnprintf() and *that* does return:

" * The return value is the number of characters which would
 * be generated for the given input, excluding the trailing
 * '\0', as per ISO C99."

So I'll extend the commit message with that and apply it.

Thanks.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-edac" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]