On Thu, 2004-11-18 at 12:23, Roland Dreier wrote:
> It's extremely unlikely, but:
>
> + char name[8];
>
> + sprintf(name, "ib_mad%d", port_num);
>
> if port_num >= 10, this will overflow the buffer. Since a device
> could conceivably have up to 255 ports (although an HCA with hundreds
> of ports is rather far-fetched, and we only create one port for a
> switch), I would suggest doing
>
> char name[sizeof "ib_mad123"];
>
> and
>
> snprintf(name, sizeof name, "ib_mad%d", port_num);
>
> for correctness and (mostly) ease of auditing.
Thanks. Applied.
-- Hal
Index: mad.c
===================================================================
--- mad.c (revision 1261)
+++ mad.c (working copy)
@@ -1843,7 +1843,7 @@
int ret, cq_size;
struct ib_mad_port_private *port_priv;
unsigned long flags;
- char name[8];
+ char name[sizeof "ib_mad123"];
/* First, check if port already open at MAD layer */
port_priv = ib_get_mad_port(device, port_num);
@@ -1899,7 +1899,7 @@
if (ret)
goto error7;
- sprintf(name, "ib_mad%d", port_num);
+ snprintf(name, sizeof name, "ib_mad%d", port_num);
port_priv->wq = create_workqueue(name);
if (!port_priv->wq) {
ret = -ENOMEM;
_______________________________________________
openib-general mailing list
[EMAIL PROTECTED]
http://openib.org/mailman/listinfo/openib-general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
