From 157a814be6f3065a2463141f1592fa8948765334 Mon Sep 17 00:00:00 2001
From: Jon Smirl <jonsmirl@yahoo.com>
Date: Tue, 19 Oct 2004 18:18:02 +0000
Subject: Add a protective check against a possible buffer overflow

---
 linux-core/drm_ioctl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'linux-core/drm_ioctl.c')

diff --git a/linux-core/drm_ioctl.c b/linux-core/drm_ioctl.c
index bd64ffdf..b7b97539 100644
--- a/linux-core/drm_ioctl.c
+++ b/linux-core/drm_ioctl.c
@@ -135,16 +135,19 @@ int drm_setunique(struct inode *inode, struct file *filp,
 
 static int drm_set_busid(drm_device_t * dev)
 {
+	int len;
 	if (dev->unique != NULL)
 		return EBUSY;
 
-	dev->unique_len = 20;
+	dev->unique_len = 40;
 	dev->unique = drm_alloc(dev->unique_len + 1, DRM_MEM_DRIVER);
 	if (dev->unique == NULL)
 		return ENOMEM;
 
-	snprintf(dev->unique, dev->unique_len, "pci:%04x:%02x:%02x.%d",
+	len = snprintf(dev->unique, dev->unique_len, "pci:%04x:%02x:%02x.%d",
 		 dev->pci_domain, dev->pci_bus, dev->pci_slot, dev->pci_func);
+	if (len > dev->unique_len)
+		DRM_ERROR("buffer overflow");
 
 	dev->devname = drm_alloc(strlen(dev->pdev->driver->name) + dev->unique_len + 2,
 				 DRM_MEM_DRIVER);
-- 
cgit v1.2.3