[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-edac
Subject: Re: [PATCH] x86, mce: Fix stack out-of-bounds write in mce-inject.c:flags_read()
From: Borislav Petkov <bp () alien8 ! de>
Date: 2018-04-27 16:59:39
Message-ID: 20180427165939.GG15229 () pd ! tnic
[Download RAW message or body]
On Fri, Apr 27, 2018 at 09:37:08AM -0700, Luck, Tony wrote:
> Each of the strings that we want to put into the buf[MAX_FLAG_OPT_SIZE]
> in flags_read() is two characters. But the sprintf() adds a trailing newline
> and will add a terminating NUL byte. So MAX_FLAG_OPT_SIZE needs to be 4.
... and I dumped the n here:
n = sprintf(buf, "%s\n", flags_options[inj_type])
and it was 3 but sprintf() calls vsnprintf() and *that* does return:
" * The return value is the number of characters which would
* be generated for the given input, excluding the trailing
* '\0', as per ISO C99."
So I'll extend the commit message with that and apply it.
Thanks.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
--
To unsubscribe from this list: send the line "unsubscribe linux-edac" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic