[Intel-gfx] [PATCH] i915/gem_flink_race: Fix error in buffer usage

Steve Hampson steven.t.hampson at intel.com
Tue Nov 17 22:23:08 UTC 2020


A buffer in function test_flink_name was both too small and never
checked for overflow.  Both errors are fixed.

Signed-off-by: Steve Hampson <steven.t.hampson at intel.com>
Reviewed-by: Ashutosh Dixit <ashutosh.dixit at intel.com>
---
 tests/i915/gem_flink_race.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tests/i915/gem_flink_race.c b/tests/i915/gem_flink_race.c
index c1f5d5d51..cf07aedf1 100644
--- a/tests/i915/gem_flink_race.c
+++ b/tests/i915/gem_flink_race.c
@@ -83,7 +83,7 @@ static void test_flink_name(int timeout)
 	struct flink_name *threads;
 	int r, i, num_threads;
 	unsigned long count;
-	char buf[256];
+	char buf[512];
 	void *status;
 	int len;
 
@@ -118,9 +118,13 @@ static void test_flink_name(int timeout)
 	for (i = 0;  i < num_threads; i++) {
 		pthread_join(threads[i].thread, &status);
 		igt_assert(status == 0);
-		len += snprintf(buf + len, sizeof(buf) - len, "%lu, ", threads[i].count);
+		/* Below, constant 11 is 8 digit number, comma, space and null byte */
+		if ((len + 11 + 1) < sizeof(buf))
+			len += snprintf(buf + len, sizeof(buf) - len, "%8lu, ", threads[i].count);
 	}
-	snprintf(buf + len - 2, sizeof(buf) - len + 2, "] races");
+	/* Below, constant 9 is 7 bytes for terminating string plus \n and null byte */
+	if (len + 9 < sizeof(buf))
+		snprintf(buf + len - 2, sizeof(buf) - len + 2, "] races");
 	igt_info("%s\n", buf);
 
 	close(fd);
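Review bot: The new guard `if ((len + 11 + 1) < sizeof(buf))` budgets for an 8-digit count, but `%8lu` sets only a minimum field width, so a larger `threads[i].count` near the end of the buffer makes snprintf truncate and return more than it wrote; `len` then overshoots and the closing `"] races"` is silently skipped by the second guard. Checking the return value is sturdier than a hand-counted constant: `int n = snprintf(buf + len, sizeof(buf) - len, "%8lu, ", threads[i].count);` followed by `if (n > 0 && (size_t)n < sizeof(buf) - len) len += n;`. Both guards also compare the signed `len` with the unsigned `sizeof(buf)`, and `buf + len - 2` relies on `len` being at least 2, which depends on how `len` is initialised outside this hunk. Because the fixed 512 bytes from the first hunk is not derived from `num_threads`, a comment such as `/* counts that do not fit in buf are omitted from the log line */` would make the silent drop explicit. test_flink_name starts and ends outside the hunk.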
-- 
2.21.0


