hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[PATCH] Overrun in isdn_tty.c 

This fixes coverity bug id #1237.  After the while loop, it is possible for
i == ISDN_LMSNLEN.  If this happens the terminating '\0' is written after
the end of the array.

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Eric Sesterhenn 2006-05-20 15:00:12 -07:00 committed by Linus Torvalds
parent 92d1dbd274
commit a6a61c5494
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/isdn/i4l/isdn_tty.c
View File

@ -2880,7 +2880,7 @@ isdn_tty_cmd_ATand(char **p, modem_info * info)
p[0]++;
i = 0;
while (*p[0] && (strchr("0123456789,-*[]?;", *p[0])) &&
(i < ISDN_LMSNLEN))
(i < ISDN_LMSNLEN - 1))
m->lmsn[i++] = *p[0]++;
m->lmsn[i] = '\0';
break;