Add a protective check against a possible buffer overflow

author: Jon Smirl <jonsmirl@yahoo.com> 2004-10-19 18:18:02 +0000
committer: Jon Smirl <jonsmirl@yahoo.com> 2004-10-19 18:18:02 +0000
commit: 157a814be6f3065a2463141f1592fa8948765334 (patch)
tree: df1a98c22fd79c36cef76a7ff529b1869c376969 /linux-core/drm_ioctl.c
parent: bcfbd73536e8e44b028953e4e04c83d143612a10 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/linux-core/drm_ioctl.c b/linux-core/drm_ioctl.c
index bd64ffdf..b7b97539 100644
--- a/linux-core/drm_ioctl.c
+++ b/linux-core/drm_ioctl.c
@@ -135,16 +135,19 @@ int drm_setunique(struct inode *inode, struct file *filp,
 
 static int drm_set_busid(drm_device_t * dev)
 {
+	int len;
 	if (dev->unique != NULL)
 		return EBUSY;
 
-	dev->unique_len = 20;
+	dev->unique_len = 40;
 	dev->unique = drm_alloc(dev->unique_len + 1, DRM_MEM_DRIVER);
 	if (dev->unique == NULL)
 		return ENOMEM;
 
-	snprintf(dev->unique, dev->unique_len, "pci:%04x:%02x:%02x.%d",
+	len = snprintf(dev->unique, dev->unique_len, "pci:%04x:%02x:%02x.%d",
 		 dev->pci_domain, dev->pci_bus, dev->pci_slot, dev->pci_func);
+	if (len > dev->unique_len)
+		DRM_ERROR("buffer overflow");
 
 	dev->devname = drm_alloc(strlen(dev->pdev->driver->name) + dev->unique_len + 2,
 				 DRM_MEM_DRIVER);
author	Jon Smirl <jonsmirl@yahoo.com>	2004-10-19 18:18:02 +0000
committer	Jon Smirl <jonsmirl@yahoo.com>	2004-10-19 18:18:02 +0000
commit	157a814be6f3065a2463141f1592fa8948765334 (patch)
tree	df1a98c22fd79c36cef76a7ff529b1869c376969 /linux-core/drm_ioctl.c
parent	bcfbd73536e8e44b028953e4e04c83d143612a10 (diff)