[media] v4l: xilinx: harmless buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

My static checker warns that the name of the port can be 15 characters
when you consider the NUL terminator and that's one more than the 14
characters in name[]. Maybe it's an off-by-one?

It's unlikely that we hit the limit and even if we do the overflow will
only affect one of the two bytes of padding so it's harmless. Still
let's fix it and also change the sprintf() to snprintf().

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>

authored by

Dan Carpenter and committed by

Mauro Carvalho Chehab 11 years ago 550f45bc 2235cf63

+2 -2

1 changed file

expand all

drivers

media

platform

xilinx

xilinx-dma.c

+2 -2

drivers/media/platform/xilinx/xilinx-dma.c

··· 653 653 int xvip_dma_init(struct xvip_composite_device *xdev, struct xvip_dma *dma, 654 654 enum v4l2_buf_type type, unsigned int port) 655 655 { 656 - char name[14]; 656 + char name[16]; 657 657 int ret; 658 658 659 659 dma->xdev = xdev; ··· 725 725 } 726 726 727 727 /* ... and the DMA channel. */ 728 - sprintf(name, "port%u", port); 728 + snprintf(name, sizeof(name), "port%u", port); 729 729 dma->dma = dma_request_slave_channel(dma->xdev->dev, name); 730 730 if (dma->dma == NULL) { 731 731 dev_err(dma->xdev->dev, "no VDMA channel found\n");