kernel/kexec.c: use vscnprintf() instead of vsnprintf() in vmcoreinfo_append_str()
authorChen Gang <gang.chen@asianux.com>
Tue, 28 Jan 2014 01:07:13 +0000 (17:07 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 28 Jan 2014 05:02:40 +0000 (21:02 -0800)
vsnprintf() may let 'r' larger than sizeof(buf), in this case, if 'r' is
also less than "vmcoreinfo_max_size - vmcoreinfo_size" (left size of
destination buffer), next memcpy() will read the unexpected addresses.

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/kexec.c

index ac738781d35686601e793a6901f7d677086357c0..60bafbed06abd7a7b2defd0c031ca18b7287a37e 100644 (file)
@@ -1537,7 +1537,7 @@ void vmcoreinfo_append_str(const char *fmt, ...)
        size_t r;
 
        va_start(args, fmt);
-       r = vsnprintf(buf, sizeof(buf), fmt, args);
+       r = vscnprintf(buf, sizeof(buf), fmt, args);
        va_end(args);
 
        r = min(r, vmcoreinfo_max_size - vmcoreinfo_size);