[PATCH RESEND] mkregtable: Fix sscanf handling

Alan gnomes at lxorguk.ukuu.org.uk
Tue Dec 17 07:05:39 PST 2013


If you feed the tool a suitable bogus register map you can break it
in arbitary (code executing) ways. While this isn't a particularly
exciting or probable attack vector we still ought to fix it.

One of a set of sscanf issues reported by Jackie Chang

Signed-off-by: Alan Cox <alan at linux.intel.com>
---
 drivers/gpu/drm/radeon/mkregtable.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/radeon/mkregtable.c b/drivers/gpu/drm/radeon/mkregtable.c
index af85299..4a85bb6 100644
--- a/drivers/gpu/drm/radeon/mkregtable.c
+++ b/drivers/gpu/drm/radeon/mkregtable.c
@@ -655,7 +655,7 @@ static int parser_auth(struct table *t, const char *filename)
 
 	/* first line will contain the last register
 	 * and gpu name */
-	sscanf(buf, "%s %s", gpu_name, last_reg_s);
+	sscanf(buf, "%9s %9s", gpu_name, last_reg_s);
 	t->gpu_prefix = gpu_name;
 	last_reg = strtol(last_reg_s, NULL, 16);
 



More information about the dri-devel mailing list