usb: fix serial generator
snprintf return value is *not* the number of chars written into the buffer, but the number of chars needed. So in case the buffer is too small you can go alloc a bigger one and try again. But that also means you can't simply use the return value for the next snprintf call without checking beforehand that things did actually fit. Problem is that usb_desc_create_serial didn't perform that check, so a loooong path string (can happen with deep pci-bridge nesting) results in the third snprintf call smashing the stack. Fix this by throwing out all the snpintf calls and use g_strdup_printf instead. https://bugzilla.redhat.com/show_bug.cgi?id=1381630Reported-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NThomas Huth <thuth@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1475659998-22045-1-git-send-email-kraxel@redhat.com
Showing
想要评论请 注册 或 登录