Commit 79a49168 authored by Guenter Roeck's avatar Guenter Roeck Committed by Zhang Rui

thermal: fix potential out-of-bounds memory access

temp_crit.name and temp_input.name have a length of 16 bytes.  Using
THERMAL_NAME_LENGTH (20) as length parameter for snprintf() may result in
out-of-bounds memory accesses.  Replace it with sizeof().

Addresses Coverity #115679
Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
Cc: Len Brown <lenb@kernel.org>
Cc: "Brown, Len" <len.brown@intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarZhang Rui <rui.zhang@intel.com>
parent f4a821ce
...@@ -598,7 +598,7 @@ thermal_add_hwmon_sysfs(struct thermal_zone_device *tz) ...@@ -598,7 +598,7 @@ thermal_add_hwmon_sysfs(struct thermal_zone_device *tz)
temp->tz = tz; temp->tz = tz;
hwmon->count++; hwmon->count++;
snprintf(temp->temp_input.name, THERMAL_NAME_LENGTH, snprintf(temp->temp_input.name, sizeof(temp->temp_input.name),
"temp%d_input", hwmon->count); "temp%d_input", hwmon->count);
temp->temp_input.attr.attr.name = temp->temp_input.name; temp->temp_input.attr.attr.name = temp->temp_input.name;
temp->temp_input.attr.attr.mode = 0444; temp->temp_input.attr.attr.mode = 0444;
...@@ -611,7 +611,8 @@ thermal_add_hwmon_sysfs(struct thermal_zone_device *tz) ...@@ -611,7 +611,8 @@ thermal_add_hwmon_sysfs(struct thermal_zone_device *tz)
if (tz->ops->get_crit_temp) { if (tz->ops->get_crit_temp) {
unsigned long temperature; unsigned long temperature;
if (!tz->ops->get_crit_temp(tz, &temperature)) { if (!tz->ops->get_crit_temp(tz, &temperature)) {
snprintf(temp->temp_crit.name, THERMAL_NAME_LENGTH, snprintf(temp->temp_crit.name,
sizeof(temp->temp_crit.name),
"temp%d_crit", hwmon->count); "temp%d_crit", hwmon->count);
temp->temp_crit.attr.attr.name = temp->temp_crit.name; temp->temp_crit.attr.attr.name = temp->temp_crit.name;
temp->temp_crit.attr.attr.mode = 0444; temp->temp_crit.attr.attr.mode = 0444;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment