[Patch V3] Staging: unisys: virthba: Fix variable length array
Ken Cox
jkc at redhat.com
Fri Mar 7 16:30:27 UTC 2014
A character array was declared on the stack with variable length. This has
been corrected to use a fixed length.
Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Ken Cox <jkc at redhat.com>
---
drivers/staging/unisys/virthba/virthba.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/unisys/virthba/virthba.c b/drivers/staging/unisys/virthba/virthba.c
index c292293..277851f 100644
--- a/drivers/staging/unisys/virthba/virthba.c
+++ b/drivers/staging/unisys/virthba/virthba.c
@@ -1439,12 +1439,15 @@ static ssize_t
enable_ints_write(struct file *file, const char __user *buffer,
size_t count, loff_t *ppos)
{
- char buf[count + 1];
+ char buf[4];
int i, new_value;
struct virthba_info *virthbainfo;
U64 *Features_addr;
U64 mask;
+ if (count >= ARRAY_SIZE(buf))
+ return -EINVAL;
+
buf[count] = '\0';
if (copy_from_user(buf, buffer, count)) {
LOGERR("copy_from_user failed. buf<<%.*s>> count<<%lu>>\n",
--
1.8.5.3
More information about the devel
mailing list