Commit ebfddb3d authored Sep 13, 2017 by Arnd Bergmann Committed by Linus Torvalds Sep 13, 2017

fscache: fix fscache_objlist_show format processing

gcc points out a minor bug in the handling of unknown cookie types,
which could result in a string overflow when the integer is copied into
a 3-byte string:

  fs/fscache/object-list.c: In function 'fscache_objlist_show':
  fs/fscache/object-list.c:265:19: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
   sprintf(_type, "%02u", cookie->def->type);
                  ^~~~~~
  fs/fscache/object-list.c:265:4: note: 'sprintf' output between 3 and 4 bytes into a destination of size 3

This is currently harmless as no code sets a type other than 0 or 1, but
it makes sense to use snprintf() here to avoid overflowing the array if
that changes.

Link: http://lkml.kernel.org/r/20170714120720.906842-22-arnd@arndb.de


Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 8185f570

fs/fscache/object-list.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -262,7 +262,8 @@ static int fscache_objlist_show(struct seq_file m, void v)
		type = "DT";
		break;
		default:
		sprintf(_type, "%02u", cookie->def->type);
		snprintf(_type, sizeof(_type), "%02u",
		cookie->def->type);
		type = _type;
		break;
		}

Admin message