On 2013-08-21 1:35 PM, Helmut Schaa wrote:
> vsnprintf returns the number of chars that would have been written, not
> the actual number of chars written. This can lead to crashlog_buf->len
> being too big which in turn can lead to get_maxlen() returning negative
> numbers. The length argument of kmsg_dump_get_buffer will be cast to
> a size_t which makes a negative input a big positive number allowing
> kmsg_dump_get_buffer to write out of bounds.
>
> Fix this by using vscnprintf which returns the actually written number
> of chars.
>
> Signed-off-by: Helmut Schaa <[email protected]>

Committed in r37820, thanks.

- Felix
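
The length accounting described in the quoted commit message, as an added userspace example that is not part of the original thread or the OpenWrt patch. `demo_buf`, `BUF_SIZE`, `demo_append` and `demo_vscnprintf` are hypothetical stand-ins; the last one only mimics the kernel's `vscnprintf` return value, and the subtraction is an assumed model of the "remaining space" calculation.

```c
#include <stdarg.h>
#include <stdio.h>

#define BUF_SIZE 16              /* constructed size, small so truncation is easy to hit */

struct demo_buf {                /* hypothetical stand-in for the crash log buffer */
    int  len;                    /* bytes the bookkeeping believes are in use */
    char data[BUF_SIZE];
};

/* Stand-in for vscnprintf(): returns the characters actually stored
 * (excluding the NUL), so the result never exceeds size - 1. */
static int demo_vscnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    int n = vsnprintf(buf, size, fmt, ap);
    if (n < 0 || size == 0)
        return 0;
    return (size_t)n < size ? n : (int)(size - 1);
}

/* Append formatted text; 'safe' selects whose return value is added to len. */
static int demo_append(struct demo_buf *b, int safe, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (b->len < 0 || b->len >= BUF_SIZE)
        return -1;               /* bookkeeping already out of range: refuse */
    va_start(ap, fmt);
    if (safe)
        n = demo_vscnprintf(b->data + b->len, BUF_SIZE - b->len, fmt, ap);
    else                         /* returns the would-be length, not the stored one */
        n = vsnprintf(b->data + b->len, BUF_SIZE - b->len, fmt, ap);
    va_end(ap);
    b->len += n;
    return n;
}

/* Append a constructed 25-character message to an empty buffer and return
 * the remaining space the bookkeeping reports afterwards. */
static int demo_remaining_after(int safe)
{
    struct demo_buf b = { 0 };
    demo_append(&b, safe, "%s", "0123456789012345678901234");
    return BUF_SIZE - b.len;
}

int main(void)
{
    int bad = demo_remaining_after(0), good = demo_remaining_after(1);
    printf("vsnprintf:  remaining=%d, as size_t=%zu\n", bad, (size_t)bad);
    printf("vscnprintf: remaining=%d\n", good);
    return 0;
}
```

The write itself is truncated correctly in both cases; only the recorded length differs, and it is the negative remainder converted to `size_t` that a later bounded copy would trust.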
