mkregtable: Fix sscanf handling

If you feed the tool a suitable bogus register map you can break it in arbitary (code executing) ways. While this isn't a particularly exciting or probable attack vector we still ought to fix it. One of a set of sscanf issues reported by Jackie Chang Signed-off-by: N Alan Cox <alan@linux.intel.com> Signed-off-by: N Jiri Kosina <jkosina@suse.cz>

mkregtable: Fix sscanf handling
If you feed the tool a suitable bogus register map you can break it in arbitary (code executing) ways. While this isn't a particularly exciting or probable attack vector we still ought to fix it. One of a set of sscanf issues reported by Jackie Chang Signed-off-by: N Alan Cox <alan@linux.intel.com> Signed-off-by: N Jiri Kosina <jkosina@suse.cz>
6b641900 · Alan · Jiri Kosina · bfb18d82 · 6b641900
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/gpu/drm/radeon/mkregtable.c drivers/gpu/drm/radeon/mkregtable.c +1 -1

未找到文件。
--- a/drivers/gpu/drm/radeon/mkregtable.c
+++ b/drivers/gpu/drm/radeon/mkregtable.c
@@ -655,7 +655,7 @@ static int parser_auth(struct table *t, const char *filename)

 	/* first line will contain the last register
 	 * and gpu name */
-	sscanf(buf, "%s %s", gpu_name, last_reg_s);
+	sscanf(buf, "%9s %9s", gpu_name, last_reg_s);
 	t->gpu_prefix = gpu_name;
 	last_reg = strtol(last_reg_s, NULL, 16);