From: Johan Hovold Date: Fri, 28 Aug 2015 09:58:24 +0000 (+0200) Subject: greybus: firmware: fix potential stack corruption X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=af0b4d5a19e3d49059afe91307fce980291f43f9;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git greybus: firmware: fix potential stack corruption Use snprintf when generating the firmware name to avoid stack corruption if the fixed-size buffer overflows. Note that the current buffer size appears to expect 16-bit ids while the they are actually 32-bit, something which could trigger the corruption. Signed-off-by: Johan Hovold Reviewed-by: Viresh Kumar --- diff --git a/drivers/staging/greybus/firmware.c b/drivers/staging/greybus/firmware.c index 13efaabb891b..e888b7ae4c59 100644 --- a/drivers/staging/greybus/firmware.c +++ b/drivers/staging/greybus/firmware.c @@ -38,9 +38,10 @@ static int download_firmware(struct gb_firmware *firmware, u8 stage) * * XXX Name it properly.. */ - sprintf(firmware_name, "ara:%04x:%04x:%04x:%04x:%04x.fw", intf->unipro_mfg_id, - intf->unipro_prod_id, intf->ara_vend_id, intf->ara_prod_id, - stage); + snprintf(firmware_name, sizeof(firmware_name), + "ara:%04x:%04x:%04x:%04x:%04x.fw", + intf->unipro_mfg_id, intf->unipro_prod_id, + intf->ara_vend_id, intf->ara_prod_id, stage); return request_firmware(&firmware->fw, firmware_name, &connection->dev); }