Re: arch/arm/mach-omap2/mux.c: Off by one error

[Tony Lindgren]

* d binderman <dcb314@xxxxxxxxxxx> [100131 04:14]:
> 
> 
> Hello there,
> 
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
> 
> It said
> 
> [./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds
> 
> The source code is
> 
> ÂÂÂÂÂÂÂ char mode[14];
> ÂÂÂÂÂÂÂ int i = -1;
> 
> ÂÂÂÂÂÂÂ sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
> 
> 13 characters + 1 digit + 1 zero byte is more than 14 characters.
> 
> Suggest new code
> 
> ÂÂÂÂÂÂÂ char mode[15];
> ÂÂÂÂÂÂÂ int i = -1;
> 
> ÂÂÂÂÂÂÂ sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);

Thanks for reporting this.

I'll queue up the following fix for this for 2.6.34.

Regards,

Tony

From: Tony Lindgren <tony@xxxxxxxxxxx>
Date: Mon, 1 Feb 2010 13:03:42 -0800
Subject: [PATCH] omap: Fix arch/arm/mach-omap2/mux.c: Off by one error

David Binderman ran the sourceforge tool cppcheck over the source code of the
new Linux kernel 2.6.33-rc6:

[./arm/mach-omap2/mux.c:492]: (error) Buffer access out-of-bounds

13 characters + 1 digit + 1 zero byte is more than 14 characters.

Reported-by: David Binderman <dcb314@xxxxxxxxxxx>
Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx>

diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
index 32764be..047aa57 100644
--- a/arch/arm/mach-omap2/mux.c
+++ b/arch/arm/mach-omap2/mux.c
@@ -486,7 +486,7 @@ int __init omap_mux_init_signal(char *muxname, int val)
 static inline void omap_mux_decode(struct seq_file *s, u16 val)
 {
 	char *flags[OMAP_MUX_MAX_NR_FLAGS];
-	char mode[14];
+	char mode[15];
 	int i = -1;
 
 	sprintf(mode, "OMAP_MUX_MODE%d", val & 0x7);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/