greybus: firmware: fix potential stack corruption

Use snprintf when generating the firmware name to avoid stack corruption
if the fixed-size buffer overflows.

Note that the current buffer size appears to expect 16-bit ids while
they are actually 32-bit, something which could trigger the
corruption.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Johan Hovold 2015-08-28 11:58:24 +02:00
parent 977e209ab4
commit af0b4d5a19
1 changed files with 4 additions and 3 deletions

@ -38,9 +38,10 @@ static int download_firmware(struct gb_firmware *firmware, u8 stage)
* *
* XXX Name it properly.. * XXX Name it properly..
*/ */
sprintf(firmware_name, "ara:%04x:%04x:%04x:%04x:%04x.fw", intf->unipro_mfg_id, snprintf(firmware_name, sizeof(firmware_name),
intf->unipro_prod_id, intf->ara_vend_id, intf->ara_prod_id, "ara:%04x:%04x:%04x:%04x:%04x.fw",
stage); intf->unipro_mfg_id, intf->unipro_prod_id,
intf->ara_vend_id, intf->ara_prod_id, stage);
return request_firmware(&firmware->fw, firmware_name, &connection->dev); return request_firmware(&firmware->fw, firmware_name, &connection->dev);
} }
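
Review bot: the return value of the new snprintf() call in download_firmware() is discarded, so an over-long name is now silently truncated and the truncated string is still passed to request_firmware(). The commit message notes the ids are 32-bit, and %04x is only a minimum width, so truncation is reachable with ids above 0xffff. Suggest storing the result and returning an error such as -ENAMETOOLONG when it is >= sizeof(firmware_name), or sizing firmware_name for the worst case of four 32-bit ids plus the stage, so that a lookup for the wrong file name cannot happen.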