Module Name: src
Committed By: khorben
Date: Thu Jan 4 00:09:12 UTC 2018
Modified Files:
src/sys/dev/hdaudio: hdafg.c
Log Message:
Fix off-by-one when calling snprintf(9) in hdafg_getdev()
This is actually harmless, since:
- the offset is too short rather than too long (no overflow)
- the struct audio_device comes from userland (no information leak)
"looks good to me" nat@
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sys/dev/hdaudio/hdafg.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/hdaudio/hdafg.c
diff -u src/sys/dev/hdaudio/hdafg.c:1.13 src/sys/dev/hdaudio/hdafg.c:1.14
--- src/sys/dev/hdaudio/hdafg.c:1.13 Fri Aug 4 00:25:23 2017
+++ src/sys/dev/hdaudio/hdafg.c Thu Jan 4 00:09:12 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: hdafg.c,v 1.13 2017/08/04 00:25:23 mrg Exp $ */
+/* $NetBSD: hdafg.c,v 1.14 2018/01/04 00:09:12 khorben Exp $ */
/*
* Copyright (c) 2009 Precedence Technologies Ltd <[email protected]>
@@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hdafg.c,v 1.13 2017/08/04 00:25:23 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hdafg.c,v 1.14 2018/01/04 00:09:12 khorben Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -4058,7 +4058,7 @@ hdafg_getdev(void *opaque, struct audio_
sc->sc_vendor);
hdaudio_findproduct(audiodev->version, sizeof(audiodev->version),
sc->sc_vendor, sc->sc_product);
- snprintf(audiodev->config, sizeof(audiodev->config) - 1,
+ snprintf(audiodev->config, sizeof(audiodev->config),
"%02Xh", sc->sc_nid);
return 0;
