Bug 60101
| Summary: | omap4460: Segmentation fault reading /sys/class/hwmon/hwmon0/device/name - sprintf without a format string to blame | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | Einar Jón (tolvupostur) |
| Component: | Other | Assignee: | drivers_other |
| Status: | NEW --- | ||
| Severity: | normal | ||
| Priority: | P1 | ||
| Hardware: | ARM | ||
| OS: | Linux | ||
| Kernel Version: | linux-ti-omap4_3.2 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | Patch to add a format string to sprintf(). | ||
Changed platform and branch, since this only affects ARM CPUs with omap4460. The 3.5 kernel has changed the format of show_name(), so it shouldn't crash as much. sprintf is still being used without a format string, so a crash could still occur if (pdev->id < 0 || pdev->id > 2) |
Created attachment 105971 [details] Patch to add a format string to sprintf(). I was trying to run snmpd on a Pandaboard, but it always got a Segmentation fault. Strace shows that it stopped when trying to read the "file" /sys/class/hwmon/hwmon0/device/name (redirects to /sys/devices/platform/coretemp.0/name) On the pandaboard (I tried 3 boards), any read of the file crashes. Should be reproducable on any omap4460-based CPU, by calling cat /sys/class/hwmon/hwmon0/device/name less /sys/class/hwmon/hwmon0/device/name head /sys/class/hwmon/hwmon0/device/name # etc In the end I saw that the offending file is ubuntu-precise/drivers/hwmon/omap4460plus_hwmon_temp_sensor.c (in any 3.2/3.5 kernel), because it's using sprintf without a format string. On a linux PC, I read "coretemp\n", but the pandaboards have the tsh->name == NULL, which gives a segmentation fault. ubuntu-precise/drivers/hwmon/omap4460plus_hwmon_temp_sensor.c: line 44: return sprintf(buf, tsh->name); I have included a tiny patch which replaces that line with return sprintf(buf, "%s", tsh->name); It doesn't fix the underlying problem (that tsh->name == NULL), but at least the segmentation fault is replaced with a reply of "(null)" (without a trailing newline)