From: Alan Date: Tue, 17 Dec 2013 15:05:39 +0000 (+0000) Subject: mkregtable: Fix sscanf handling X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6b6419005ef1590f4f532899222424b4539b0511;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git mkregtable: Fix sscanf handling If you feed the tool a suitable bogus register map you can break it in arbitary (code executing) ways. While this isn't a particularly exciting or probable attack vector we still ought to fix it. One of a set of sscanf issues reported by Jackie Chang Signed-off-by: Alan Cox Signed-off-by: Jiri Kosina --- diff --git a/drivers/gpu/drm/radeon/mkregtable.c b/drivers/gpu/drm/radeon/mkregtable.c index af85299f2126..4a85bb644e24 100644 --- a/drivers/gpu/drm/radeon/mkregtable.c +++ b/drivers/gpu/drm/radeon/mkregtable.c @@ -655,7 +655,7 @@ static int parser_auth(struct table *t, const char *filename) /* first line will contain the last register * and gpu name */ - sscanf(buf, "%s %s", gpu_name, last_reg_s); + sscanf(buf, "%9s %9s", gpu_name, last_reg_s); t->gpu_prefix = gpu_name; last_reg = strtol(last_reg_s, NULL, 16);