From: Alan Cox Date: Thu, 12 Dec 2013 02:44:24 +0000 (+0000) Subject: i40e: Fix off by one in i40e_dbg_command_write X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5561b6a1b3abaa27f6e52e4f7559c8733ca45e69;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git i40e: Fix off by one in i40e_dbg_command_write We assume that the resulting buffer is zero terminated when we then re-use it. The sscanf is limited to 512 bytes but needs to be 511 to allow for a terminator. One of a set of problems noted by Jackie Chang Signed-off-by: Alan Cox Acked-by: Shannon Nelson Tested-by: Kavindya Deegala Signed-off-by: Jeff Kirsher --- diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c index aaa2b5cc47d3..e201060fe368 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c +++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c @@ -1547,7 +1547,7 @@ static ssize_t i40e_dbg_command_write(struct file *filp, if (strncmp(cmd_buf, "add", 3) == 0) add = true; cnt = sscanf(&cmd_buf[13], - "%hx %2hhx %2hhx %hx %2hhx %2hhx %hx %x %hd %512s", + "%hx %2hhx %2hhx %hx %2hhx %2hhx %hx %x %hd %511s", &fd_data.q_index, &fd_data.flex_off, &fd_data.pctype, &fd_data.dest_vsi, &fd_data.dest_ctl,