Re: [PATCH] PM / OPP: Use snprintf() instead of sprintf()

5 Jan 2016


      On 01/05, Viresh Kumar wrote:
...
sprintf() can access memory outside of the range of the character array,
and is risky in some situations. The driver specified prop_name string
can be longer than NAME_MAX here (only an attacker will do that though)
and so blindly copying it into the character array of size NAME_MAX
isn't safe. Instead we must use snprintf() here.
Reported-by: Geert Uytterhoeven geert@linux-m68k.org
Signed-off-by: Viresh Kumar viresh.kumar@linaro.org

Acked-by: Stephen Boyd sboyd@codeaurora.org
-- 
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [PATCH] PM / OPP: Use snprintf() instead of sprintf()