From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.warmcat.com (mail.warmcat.com [163.172.24.82]) by dpdk.org (Postfix) with ESMTP id DFD961BC50 for ; Fri, 11 May 2018 03:45:29 +0200 (CEST) From: Andy Green To: dev@dpdk.org Date: Fri, 11 May 2018 09:45:25 +0800 Message-ID: <152600312580.53146.1090136345409468008.stgit@localhost.localdomain> In-Reply-To: <152600304856.53146.9681482138854493833.stgit@localhost.localdomain> References: <152600304856.53146.9681482138854493833.stgit@localhost.localdomain> User-Agent: StGit/unknown-version Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v4 02/18] net/nfp: solve buffer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 May 2018 01:45:30 -0000 /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function ‘nfp_pf_pci_probe’: /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160: 23: error: ‘%s’ directive writing up to 99 bytes into a region of size 76 [-Werror=format-overflow=] sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial); Note fw_buf still has to increase somewhat even after restricting serial[], since otherwise: /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function ‘nfp_pf_pci_probe’: /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23: error: ‘%s’ directive writing up to 99 bytes into a region of size 76 [-Werror=format-overflow=] sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card); ^~ /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32: err = nfp_fw_upload(dev, nsp, card_desc); ~~~~~~~~~ /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2: note: ‘sprintf’ output between 25 and 124 bytes into a destination of size 100 sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card); Signed-off-by: Andy Green --- drivers/net/nfp/nfp_net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c index 048324ec9..78113b41b 100644 --- a/drivers/net/nfp/nfp_net.c +++ b/drivers/net/nfp/nfp_net.c @@ -3144,8 +3144,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) struct nfp_cpp *cpp = nsp->cpp; int fw_f; char *fw_buf; - char fw_name[100]; - char serial[100]; + char fw_name[125]; + char serial[40]; struct stat file_stat; off_t fsize, bytes;