[PATCH 07/10] staging: unisys: fix chipsetready parsing

Dan Carpenter dan.carpenter at oracle.com
Wed Jul 16 09:21:44 UTC 2014


On Tue, Jul 15, 2014 at 01:30:47PM -0400, Benjamin Romer wrote:
> +	char msgtype[64];
> +	int msgparam;
> +
> +	if (sscanf(buf, "%64s %d", msgtype, &msgparam) == 2) {

The 64 in "%s64s" is off by one because of the NUL.

[ This is where I do my memory corruption preventing dance of success.
  I did that with my eyeballs, yo! *flex* *flex* ]

regards,
dan carpenter



More information about the devel mailing list