[PATCH] Staging: unisys: virthba: Fix variable length array

Ken Cox Fri, 07 Mar 2014 05:11:30 -0800

A character array was declared on the stack with variable length.  This has
been corrected to use a fixed length.


Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Ken Cox <j...@redhat.com>
---
 drivers/staging/unisys/virthba/virthba.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/unisys/virthba/virthba.c 
b/drivers/staging/unisys/virthba/virthba.c
index c292293..3820c57 100644
--- a/drivers/staging/unisys/virthba/virthba.c
+++ b/drivers/staging/unisys/virthba/virthba.c
@@ -1439,12 +1439,17 @@ static ssize_t
 enable_ints_write(struct file *file, const char __user *buffer,
                  size_t count, loff_t *ppos)
 {
-       char buf[count + 1];
+       char buf[4];
        int i, new_value;
        struct virthba_info *virthbainfo;
        U64 *Features_addr;
        U64 mask;
 
+       if (count > 2) {
+               LOGERR("invalid  count<<%lu>>\n", count);
+               return -EINVAL;
+       }
+
        buf[count] = '\0';
        if (copy_from_user(buf, buffer, count)) {
                LOGERR("copy_from_user failed. buf<<%.*s>> count<<%lu>>\n",
-- 
1.8.5.3

_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

[PATCH] Staging: unisys: virthba: Fix variable length array

Reply via email to