Skip to content

Commit

Permalink
kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo…
Browse files Browse the repository at this point in the history 
…_append_str()

vsnprintf() may let 'r' larger than sizeof(buf), in this case, if 'r' is
also less than "vmcoreinfo_max_size - vmcoreinfo_size" (left size of
destination buffer), next memcpy() will read the unexpected addresses.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
@torvalds
Chen Gang authored and torvalds committed Jan 28, 2014
1 parent 53e0ee9 commit a19428e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion kernel/kexec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1537,7 +1537,7 @@ void vmcoreinfo_append_str(const char *fmt, ...)
size_t r;

va_start(args, fmt);
r = vsnprintf(buf, sizeof(buf), fmt, args);
r = vscnprintf(buf, sizeof(buf), fmt, args);
va_end(args);

r = min(r, vmcoreinfo_max_size - vmcoreinfo_size);
Expand Down

0 comments on commit a19428e

Please sign in to comment.