Bug 12970

Summary: linux-2.6.29/drivers/isdn/mISDN/dsp_pipeline.c
Product: Drivers Reporter: Martin Ettl (ettl.martin)
Component: ISDNAssignee: Karsten Keil (kernel)
Status: CLOSED CODE_FIX    
Severity: normal CC: alan, kernel
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.29 Subsystem:
Regression: No Bisected commit-id:
Attachments: proposed fix

Description Martin Ettl 2009-03-29 13:39:00 UTC 
Hi,

i detected an issue in follwing code (starting from line 61):

	*buf = 0;
	for (; i < elem->num_args; ++i)
		len = sprintf(buf, "%sName:        %s\n%s%s%sDescription: %s\n"
			"\n", buf,
			  elem->args[i].name,
			  elem->args[i].def ? "Default:     " : "",
			  elem->args[i].def ? elem->args[i].def : "",
			  elem->args[i].def ? "\n" : "",
			  elem->args[i].desc);

The memory of variable buf overlapps, using the sprintf statement;

This issue was detected with cppcheck (a static code analysis tool).
It created the follwing message:
[linux-2.6.29/drivers/isdn/mISDN/dsp_pipeline.c:64]: (error) Overlapping data buffer buf

Best regards

Ettl Martin
Comment 1 Karsten Keil 2009-06-02 13:44:29 UTC 
Created attachment 21709 [details]
proposed fix

Yes this code was from hell...