Author: uqs Date: Tue Jan 5 10:25:22 2016 New Revision: 293193 URL: https://svnweb.freebsd.org/changeset/base/293193
Log: Fix undefined behavior when using asmc_fan_getstring() It was returning a pointer to stack-allocated memory, so make the allocation at the caller instead. Found by: clang static analyzer Coverity: CID 1245774 Reviewed by: ed, rpaulo Review URL: https://reviews.freebsd.org/D4740 Modified: head/sys/dev/asmc/asmc.c Modified: head/sys/dev/asmc/asmc.c ============================================================================== --- head/sys/dev/asmc/asmc.c Tue Jan 5 09:18:43 2016 (r293192) +++ head/sys/dev/asmc/asmc.c Tue Jan 5 10:25:22 2016 (r293193) @@ -963,14 +963,13 @@ asmc_fan_getvalue(device_t dev, const ch } static char* -asmc_fan_getstring(device_t dev, const char *key, int fan) +asmc_fan_getstring(device_t dev, const char *key, int fan, uint8_t *buf, uint8_t buflen) { - uint8_t buf[16]; char fankey[5]; char* desc; snprintf(fankey, sizeof(fankey), key, fan); - if (asmc_key_read(dev, fankey, buf, sizeof buf) < 0) + if (asmc_key_read(dev, fankey, buf, buflen) < 0) return (NULL); desc = buf+4; @@ -1012,12 +1011,13 @@ asmc_mb_sysctl_fanspeed(SYSCTL_HANDLER_A static int asmc_mb_sysctl_fanid(SYSCTL_HANDLER_ARGS) { + uint8_t buf[16]; device_t dev = (device_t) arg1; int fan = arg2; int error = true; char* desc; - desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan); + desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan, buf, sizeof(buf)); if (desc != NULL) error = sysctl_handle_string(oidp, desc, 0, req); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
