Static analysis reports that the ndctl_dimm_get_security() function can overflow 'buf'. Just above it, ndctl_dimm_get_available_labels() seems to make the same mistake. Fix both of these by allocating a buffer of the correct size.
Signed-off-by: Vishal Verma <[email protected]> --- ndctl/lib/dimm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c index 0a4ca79..22cf4e1 100644 --- a/ndctl/lib/dimm.c +++ b/ndctl/lib/dimm.c @@ -582,7 +582,7 @@ NDCTL_EXPORT unsigned long ndctl_dimm_get_available_labels( struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm); char *path = dimm->dimm_buf; int rc, len = dimm->buf_len; - char buf[20]; + char buf[SYSFS_ATTR_SIZE]; if (snprintf(path, len, "%s/available_slots", dimm->dimm_path) >= len) { err(ctx, "%s: buffer too small!\n", @@ -605,8 +605,8 @@ NDCTL_EXPORT enum ndctl_security_state ndctl_dimm_get_security( { struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm); char *path = dimm->dimm_buf; + char buf[SYSFS_ATTR_SIZE]; int len = dimm->buf_len; - char buf[64]; int rc; if (snprintf(path, len, "%s/security", dimm->dimm_path) >= len) { -- 2.20.1 _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
