From: Doug Anderson Date: Fri, 14 Dec 2012 16:56:34 +0000 (-0800) Subject: arm: exynos: Fix potential buffer overrun in printk with asv X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d851e01f889621cbddbc8e43e071ee0e85760e8e;p=people%2Faperard%2Flinux-chromebook.git arm: exynos: Fix potential buffer overrun in printk with asv The asv code stores 5 characters in in a 5-byte array. It properly compares against this with strncmp, but then goes and passes the character array to printk() which could read off the end. Terminate the array properly, then go ahead and promote the printout to print all the details we have every time. BUG=chrome-os-partner:16820 TEST=Boot and see message printed out. Change-Id: I8fb7044a8e14c6ce43d8866be2eee5ca167addbb Signed-off-by: Doug Anderson Reviewed-on: https://gerrit.chromium.org/gerrit/39710 Reviewed-by: Bryan Freed --- diff --git a/arch/arm/mach-exynos/asv-5250.c b/arch/arm/mach-exynos/asv-5250.c index 099bdada867ad..e5cd0f5c3f013 100644 --- a/arch/arm/mach-exynos/asv-5250.c +++ b/arch/arm/mach-exynos/asv-5250.c @@ -184,7 +184,7 @@ static int exynos5250_check_lot_id(struct samsung_asv *asv_info) unsigned int i; unsigned int tmp; unsigned int wno; - char lot_id[5]; + char lot_id[6]; lid_reg = __raw_readl(LOT_ID_REG); @@ -201,26 +201,24 @@ static int exynos5250_check_lot_id(struct samsung_asv *asv_info) lid_reg /= 36; lot_id[i] = (tmp < 10) ? (tmp + '0') : ((tmp - 10) + 'A'); } + lot_id[5] = '\0'; wno = (rev_lid >> 6) & 0x1f; + printk(KERN_INFO "Exynos5250: Lot ID is %s and wafer number is %d\n", + lot_id, wno); + /* NZVPU lot has incorrect IDS value */ - if ((!strncmp(lot_id, "NZVPU", ARRAY_SIZE(lot_id)))) { + if (!strcmp(lot_id, "NZVPU")) { exynos_lot_is_nzvpu = true; - printk(KERN_INFO "Exynos5250: Lot ID is %s and wafer number is %d\n", - lot_id, wno); if (wno >= 2 && wno <= 6) asv_info->ids_result -= 16; return 0; } - for (i = 0; i < ARRAY_SIZE(special_lot_id_list); i++) { - if (!strncmp(lot_id, special_lot_id_list[i], - ARRAY_SIZE(lot_id))) { - printk(KERN_INFO "Exynos5250: Lot ID is %s\n", lot_id); + for (i = 0; i < ARRAY_SIZE(special_lot_id_list); i++) + if (!strcmp(lot_id, special_lot_id_list[i])) return 0; - } - } return -EINVAL; }