svn commit: r293193 - head/sys/dev/asmc
Ulrich Spoerlein
uqs at FreeBSD.org
Tue Jan 5 10:25:24 UTC 2016
Author: uqs
Date: Tue Jan 5 10:25:22 2016
New Revision: 293193
URL: https://svnweb.freebsd.org/changeset/base/293193
Log:
Fix undefined behavior when using asmc_fan_getstring()
It was returning a pointer to stack-allocated memory, so make the
allocation at the caller instead.
Found by: clang static analyzer
Coverity: CID 1245774
Reviewed by: ed, rpaulo
Review URL: https://reviews.freebsd.org/D4740
Modified:
head/sys/dev/asmc/asmc.c
Modified: head/sys/dev/asmc/asmc.c
==============================================================================
--- head/sys/dev/asmc/asmc.c Tue Jan 5 09:18:43 2016 (r293192)
+++ head/sys/dev/asmc/asmc.c Tue Jan 5 10:25:22 2016 (r293193)
@@ -963,14 +963,13 @@ asmc_fan_getvalue(device_t dev, const ch
}
static char*
-asmc_fan_getstring(device_t dev, const char *key, int fan)
+asmc_fan_getstring(device_t dev, const char *key, int fan, uint8_t *buf, uint8_t buflen)
{
- uint8_t buf[16];
char fankey[5];
char* desc;
snprintf(fankey, sizeof(fankey), key, fan);
- if (asmc_key_read(dev, fankey, buf, sizeof buf) < 0)
+ if (asmc_key_read(dev, fankey, buf, buflen) < 0)
return (NULL);
desc = buf+4;
@@ -1012,12 +1011,13 @@ asmc_mb_sysctl_fanspeed(SYSCTL_HANDLER_A
static int
asmc_mb_sysctl_fanid(SYSCTL_HANDLER_ARGS)
{
+ uint8_t buf[16];
device_t dev = (device_t) arg1;
int fan = arg2;
int error = true;
char* desc;
- desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan);
+ desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan, buf, sizeof(buf));
if (desc != NULL)
error = sysctl_handle_string(oidp, desc, 0, req);
More information about the svn-src-head
mailing list