Bug 12970 - linux-2.6.29/drivers/isdn/mISDN/dsp_pipeline.c
Summary: linux-2.6.29/drivers/isdn/mISDN/dsp_pipeline.c
Status: CLOSED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: ISDN (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Karsten Keil
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-29 13:39 UTC by Martin Ettl
Modified: 2012-05-30 15:04 UTC (History)
2 users (show)

See Also:
Kernel Version: 2.6.29
Subsystem:
Regression: No
Bisected commit-id:

Attachments
proposed fix (1.37 KB, patch)
2009-06-02 13:44 UTC, Karsten Keil 		Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Description Martin Ettl 2009-03-29 13:39:00 UTC 
Hi,

i detected an issue in follwing code (starting from line 61):

	*buf = 0;
	for (; i < elem->num_args; ++i)
		len = sprintf(buf, "%sName:        %s\n%s%s%sDescription: %s\n"
			"\n", buf,
			  elem->args[i].name,
			  elem->args[i].def ? "Default:     " : "",
			  elem->args[i].def ? elem->args[i].def : "",
			  elem->args[i].def ? "\n" : "",
			  elem->args[i].desc);

The memory of variable buf overlapps, using the sprintf statement;

This issue was detected with cppcheck (a static code analysis tool).
It created the follwing message:
[linux-2.6.29/drivers/isdn/mISDN/dsp_pipeline.c:64]: (error) Overlapping data buffer buf

Best regards

Ettl Martin
Comment 1 Karsten Keil 2009-06-02 13:44:29 UTC 
Created attachment 21709 [details]
proposed fix

Yes this code was from hell...
Note You need to log in before you can comment on or make changes to this bug.