aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/patches-3.8/510-yaffs-3.4-use-d_make_root.patch
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2013-08-21 20:59:25 +0000
committerFelix Fietkau <nbd@openwrt.org>2013-08-21 20:59:25 +0000
commit3848e6a246192d42160034e106f838b791931dce (patch)
tree3749a5663d177b71497810db03192b740aef1328 /target/linux/generic/patches-3.8/510-yaffs-3.4-use-d_make_root.patch
parent3e28d0849ee6cd39bfcc1a3458881b1e5e09c75c (diff)
downloadupstream-3848e6a246192d42160034e106f838b791931dce.tar.gz
upstream-3848e6a246192d42160034e106f838b791931dce.tar.bz2
upstream-3848e6a246192d42160034e106f838b791931dce.zip
kernel: crashlog: Avoid out-of-bounds write
vsnprintf returns the number of chars that would have been written, not the actual number of chars written. This can lead to crashlog_buf->len being too big which in turn can lead to get_maxlen() returning negative numbers. The length argument of kmsg_dump_get_buffer will be casted to a size_t which makes a negative input a big positive number allowing kmsg_dump_get_buffer to write out of bounds. Fix this by using vscnprintf which returns the actually written number of chars. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 37820
Diffstat (limited to 'target/linux/generic/patches-3.8/510-yaffs-3.4-use-d_make_root.patch')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 03:13:54 +0000