We print a 256 byte event string into a buffer that is only 161
bytes long, this is clearly wrong:
drivers/scsi/gdth_proc.c: In function 'gdth_show_info':
drivers/scsi/gdth.c:3660:41: error: '%s' directive writing up to 255 bytes into
a region of size between 141 and 150 [-Werror=format-overflow=]
sprintf(buffer,"Adapter %d: %s\n",
^~
/git/arm-soc/drivers/scsi/gdth.c:3660:13: note: 'sprintf' output between 13 and
277 bytes into a destination of size 161
sprintf(buffer,"Adapter %d: %s\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dvr->eu.async.ionode,dvr->event_string);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcc calculates that the worst case buffer size would be 277 bytes,
so we can use that.
Signed-off-by: Arnd Bergmann <a...@arndb.de>
---
drivers/scsi/gdth_proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/gdth_proc.c b/drivers/scsi/gdth_proc.c
index be609db66807..d08b2716752c 100644
--- a/drivers/scsi/gdth_proc.c
+++ b/drivers/scsi/gdth_proc.c
@@ -147,7 +147,7 @@ int gdth_show_info(struct seq_file *m, struct Scsi_Host
*host)
gdth_cmd_str *gdtcmd;
gdth_evt_str *estr;
- char hrec[161];
+ char hrec[277];
char *buf;
gdth_dskstat_str *pds;
--
2.9.0
