greybus: firmware: fix potential stack corruption
Use snprintf when generating the firmware name to avoid stack corruption if the fixed-size buffer overflows. Note that the current buffer size appears to expect 16-bit ids while the they are actually 32-bit, something which could trigger the corruption. Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
This commit is contained in:
parent
977e209ab4
commit
af0b4d5a19
|
@ -38,9 +38,10 @@ static int download_firmware(struct gb_firmware *firmware, u8 stage)
|
||||||
*
|
*
|
||||||
* XXX Name it properly..
|
* XXX Name it properly..
|
||||||
*/
|
*/
|
||||||
sprintf(firmware_name, "ara:%04x:%04x:%04x:%04x:%04x.fw", intf->unipro_mfg_id,
|
snprintf(firmware_name, sizeof(firmware_name),
|
||||||
intf->unipro_prod_id, intf->ara_vend_id, intf->ara_prod_id,
|
"ara:%04x:%04x:%04x:%04x:%04x.fw",
|
||||||
stage);
|
intf->unipro_mfg_id, intf->unipro_prod_id,
|
||||||
|
intf->ara_vend_id, intf->ara_prod_id, stage);
|
||||||
|
|
||||||
return request_firmware(&firmware->fw, firmware_name, &connection->dev);
|
return request_firmware(&firmware->fw, firmware_name, &connection->dev);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue