[PATCH v3 0/3] staging: gdm72xx: Minor cleanup
Dan Carpenter
dan.carpenter at oracle.com
Wed Apr 23 09:09:04 UTC 2014
On Wed, Apr 23, 2014 at 12:05:57PM +0300, Dan Carpenter wrote:
> On Wed, Apr 23, 2014 at 04:49:26PM +0800, Michalis Pappas wrote:
> > Hi Dan, thanks for looking at this. From the above snippet I realize
> > that I wasn't aware of the strict flag, so significantly less errors
> > were produced.
> >
> > The issues I was referring to as pedantic are:
> >
> > WARNING: unchecked sscanf return value
> > #296: FILE: gdm_wimax.c:296:
> > + sscanf(e->dev->name, "wm%d", &idx);
> >
> > does this really need to be checked?
>
> Just check it. The code as is looks like a information leak (security
> vulnerability) until you realize that e->dev->name is probably a known,
> trusted string.
Btw, we saw a "fix" for this earlier which just printed an error
message. Don't do that. Assume that static checkers will soon start
complaining about the info leak instead of just looking at sscanf().
regards,
dan carpenter
More information about the devel
mailing list