5ff24d6010
sprintf() can access memory outside of the range of the character array, and is risky in some situations. The driver specified prop_name string can be longer than NAME_MAX here (only an attacker will do that though) and so blindly copying it into the character array of size NAME_MAX isn't safe. Instead we must use snprintf() here. Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org> Acked-by: Geert Uytterhoeven <geert+renesas@glider.be> Acked-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> |
||
---|---|---|
.. | ||
power | ||
regmap | ||
attribute_container.c | ||
base.h | ||
bus.c | ||
cacheinfo.c | ||
class.c | ||
component.c | ||
container.c | ||
core.c | ||
cpu.c | ||
dd.c | ||
devcoredump.c | ||
devres.c | ||
devtmpfs.c | ||
dma-coherent.c | ||
dma-contiguous.c | ||
dma-mapping.c | ||
driver.c | ||
firmware.c | ||
firmware_class.c | ||
hypervisor.c | ||
init.c | ||
isa.c | ||
Kconfig | ||
Makefile | ||
map.c | ||
memory.c | ||
module.c | ||
node.c | ||
pinctrl.c | ||
platform-msi.c | ||
platform.c | ||
property.c | ||
soc.c | ||
syscore.c | ||
topology.c | ||
transport_class.c |