Bug 12965

Summary: Overlapping data buffer
Product: Platform Specific/Hardware
Component: S390
Status: CLOSED CODE_FIX
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.29
Subsystem:
Regression: No
Bisected commit-id:
Reporter: Martin Ettl (ettl.martin)
Assignee: Arnd Bergmann (com.ibm)
CC: alan, florian
Attachments: The first Patch for bug 12965
             The second patch for bug 12965

Description Martin Ettl 2009-03-28 23:57:18 UTC
Hi,

I detected two issues in the s390 architecture source code: My static code analysis tool (cppcheck) says:

[linux-2.6.29/arch/s390/kernel/early.c:117]: (error) Overlapping data buffer defsys_cmd
[linux-2.6.29/arch/s390/kernel/early.c:111]: (error) Overlapping data buffer defsys_cmd

Look into the code:
....

		sprintf(defsys_cmd, "%s EW %.5X-%.5X", defsys_cmd,
		sinitrd_pfn, einitrd_pfn);
	}
#endif

	sprintf(defsys_cmd, "%s EW MINSIZE=%.7iK PARMREGS=0-13",
		defsys_cmd, min_size);

....

The buffer does overlap, which can lead to a wrong memory!

Best regards

Ettl Martin
Comment 1 L.C. 2011-02-25 03:44:32 UTC
Created attachment 49052
The first Patch for bug 12965

Fix the dangerous use of sprintf by using the safer function snprintf. This patch is generated automatically by the tool R2Fix.
Comment 2 L.C. 2011-02-25 03:46:25 UTC
Created attachment 49062
The second patch for bug 12965

Fix the dangerous use of sprintf by using the safer function snprintf. This patch is generated automatically by the tool R2Fix.
Comment 3 Florian Mickler 2011-03-27 10:45:37 UTC
A commit referencing this bug has been merged for .39-rc1:

commit 69ac43b05eef4b8555e84ad51ceb6c58b5a3bc75
Author: Chen Liu <chenliu@asset.uwaterloo.ca>
Date:   Wed Mar 23 10:14:58 2011 +0100

    [S390] early: Fix possible overlapping data buffer
Comment 4 Florian Mickler 2011-03-28 23:07:23 UTC
A patch referencing this bug report has been merged in v2.6.38-8876-g036a982:

commit 69ac43b05eef4b8555e84ad51ceb6c58b5a3bc75
Author: Chen Liu <chenliu@asset.uwaterloo.ca>
Date:   Wed Mar 23 10:14:58 2011 +0100

    [S390] early: Fix possible overlapping data buffer
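
The overlap cppcheck reports in the description comes from passing defsys_cmd to sprintf as both the destination and a "%s" argument, which the C standard leaves undefined. As an added example (not the merged kernel patch, which this page does not show), here is one way to append with bounded formatting while tracking the current length; append_fmt, build_cmd, head, have_initrd, the buffer size and the sample values are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: formats into the unused tail of buf, so the destination
 * is never also a "%s" source. Returns the new length, or -1 if it won't fit. */
static int append_fmt(char *buf, size_t size, size_t used, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (used >= size)
		return -1;
	va_start(ap, fmt);
	n = vsnprintf(buf + used, size - used, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= size - used) {
		buf[used] = '\0';	/* drop the truncated fragment */
		return -1;
	}
	return (int)(used + (size_t)n);
}

/* head and have_initrd are assumptions; the excerpt elides how they are set. */
static int build_cmd(char *buf, size_t size, const char *head, int have_initrd,
		     unsigned int sinitrd_pfn, unsigned int einitrd_pfn,
		     int min_size)
{
	int len = append_fmt(buf, size, 0, "%s", head);

	if (len >= 0 && have_initrd)
		len = append_fmt(buf, size, (size_t)len, " EW %.5X-%.5X",
				 sinitrd_pfn, einitrd_pfn);
	if (len >= 0)
		len = append_fmt(buf, size, (size_t)len,
				 " EW MINSIZE=%.7iK PARMREGS=0-13", min_size);
	return len;
}

int main(void)
{
	char cmd[128];	/* constructed size and values, not the kernel's */

	if (build_cmd(cmd, sizeof(cmd), "DEFSYS NSS", 1, 0x800, 0x8FF, 1024) < 0)
		return 1;
	puts(cmd);
	return 0;
}
```

A caller should treat the -1 return as a hard failure, because a silently truncated command string is a different command from the one intended.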