aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2012-07-30 17:41:29 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-07-30 20:25:17 -0400
commit40251b8eb46e48c011939a3ddf056fe13a223319 (patch)
tree42bd1722443f2849273e6529f0c78515101546b5
parent49ac572b93832210dc1895839692b3a51e5d0e27 (diff)
drivers/message/i2o/i2o_proc.c: the pointer returned from chtostr() points to an array which is no longer valid
... when being used in the calling function. Although it may work, the behavior is undefined. Detected by cppcheck. Signed-off-by: Kamil Dudka <kdudka@redhat.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/message/i2o/i2o_proc.c37
1 files changed, 22 insertions, 15 deletions
diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c
index 506c36f6e1db..8001aa6bfb48 100644
--- a/drivers/message/i2o/i2o_proc.c
+++ b/drivers/message/i2o/i2o_proc.c
@@ -255,9 +255,8 @@ static char *scsi_devices[] = {
255 "Array Controller Device" 255 "Array Controller Device"
256}; 256};
257 257
258static char *chtostr(u8 * chars, int n) 258static char *chtostr(char *tmp, u8 *chars, int n)
259{ 259{
260 char tmp[256];
261 tmp[0] = 0; 260 tmp[0] = 0;
262 return strncat(tmp, (char *)chars, n); 261 return strncat(tmp, (char *)chars, n);
263} 262}
@@ -791,6 +790,7 @@ static int i2o_seq_show_ddm_table(struct seq_file *seq, void *v)
791 } *result; 790 } *result;
792 791
793 i2o_exec_execute_ddm_table ddm_table; 792 i2o_exec_execute_ddm_table ddm_table;
793 char tmp[28 + 1];
794 794
795 result = kmalloc(sizeof(*result), GFP_KERNEL); 795 result = kmalloc(sizeof(*result), GFP_KERNEL);
796 if (!result) 796 if (!result)
@@ -826,7 +826,7 @@ static int i2o_seq_show_ddm_table(struct seq_file *seq, void *v)
826 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id); 826 seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id);
827 seq_printf(seq, "%-#8x", ddm_table.module_id); 827 seq_printf(seq, "%-#8x", ddm_table.module_id);
828 seq_printf(seq, "%-29s", 828 seq_printf(seq, "%-29s",
829 chtostr(ddm_table.module_name_version, 28)); 829 chtostr(tmp, ddm_table.module_name_version, 28));
830 seq_printf(seq, "%9d ", ddm_table.data_size); 830 seq_printf(seq, "%9d ", ddm_table.data_size);
831 seq_printf(seq, "%8d", ddm_table.code_size); 831 seq_printf(seq, "%8d", ddm_table.code_size);
832 832
@@ -893,6 +893,7 @@ static int i2o_seq_show_drivers_stored(struct seq_file *seq, void *v)
893 893
894 i2o_driver_result_table *result; 894 i2o_driver_result_table *result;
895 i2o_driver_store_table *dst; 895 i2o_driver_store_table *dst;
896 char tmp[28 + 1];
896 897
897 result = kmalloc(sizeof(i2o_driver_result_table), GFP_KERNEL); 898 result = kmalloc(sizeof(i2o_driver_result_table), GFP_KERNEL);
898 if (result == NULL) 899 if (result == NULL)
@@ -927,8 +928,9 @@ static int i2o_seq_show_drivers_stored(struct seq_file *seq, void *v)
927 928
928 seq_printf(seq, "%-#7x", dst->i2o_vendor_id); 929 seq_printf(seq, "%-#7x", dst->i2o_vendor_id);
929 seq_printf(seq, "%-#8x", dst->module_id); 930 seq_printf(seq, "%-#8x", dst->module_id);
930 seq_printf(seq, "%-29s", chtostr(dst->module_name_version, 28)); 931 seq_printf(seq, "%-29s",
931 seq_printf(seq, "%-9s", chtostr(dst->date, 8)); 932 chtostr(tmp, dst->module_name_version, 28));
933 seq_printf(seq, "%-9s", chtostr(tmp, dst->date, 8));
932 seq_printf(seq, "%8d ", dst->module_size); 934 seq_printf(seq, "%8d ", dst->module_size);
933 seq_printf(seq, "%8d ", dst->mpb_size); 935 seq_printf(seq, "%8d ", dst->mpb_size);
934 seq_printf(seq, "0x%04x", dst->module_flags); 936 seq_printf(seq, "0x%04x", dst->module_flags);
@@ -1248,6 +1250,7 @@ static int i2o_seq_show_dev_identity(struct seq_file *seq, void *v)
1248 // == (allow) 512d bytes (max) 1250 // == (allow) 512d bytes (max)
1249 static u16 *work16 = (u16 *) work32; 1251 static u16 *work16 = (u16 *) work32;
1250 int token; 1252 int token;
1253 char tmp[16 + 1];
1251 1254
1252 token = i2o_parm_field_get(d, 0xF100, -1, &work32, sizeof(work32)); 1255 token = i2o_parm_field_get(d, 0xF100, -1, &work32, sizeof(work32));
1253 1256
@@ -1260,13 +1263,13 @@ static int i2o_seq_show_dev_identity(struct seq_file *seq, void *v)
1260 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]); 1263 seq_printf(seq, "Owner TID : %0#5x\n", work16[2]);
1261 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]); 1264 seq_printf(seq, "Parent TID : %0#5x\n", work16[3]);
1262 seq_printf(seq, "Vendor info : %s\n", 1265 seq_printf(seq, "Vendor info : %s\n",
1263 chtostr((u8 *) (work32 + 2), 16)); 1266 chtostr(tmp, (u8 *) (work32 + 2), 16));
1264 seq_printf(seq, "Product info : %s\n", 1267 seq_printf(seq, "Product info : %s\n",
1265 chtostr((u8 *) (work32 + 6), 16)); 1268 chtostr(tmp, (u8 *) (work32 + 6), 16));
1266 seq_printf(seq, "Description : %s\n", 1269 seq_printf(seq, "Description : %s\n",
1267 chtostr((u8 *) (work32 + 10), 16)); 1270 chtostr(tmp, (u8 *) (work32 + 10), 16));
1268 seq_printf(seq, "Product rev. : %s\n", 1271 seq_printf(seq, "Product rev. : %s\n",
1269 chtostr((u8 *) (work32 + 14), 8)); 1272 chtostr(tmp, (u8 *) (work32 + 14), 8));
1270 1273
1271 seq_printf(seq, "Serial number : "); 1274 seq_printf(seq, "Serial number : ");
1272 print_serial_number(seq, (u8 *) (work32 + 16), 1275 print_serial_number(seq, (u8 *) (work32 + 16),
@@ -1303,6 +1306,8 @@ static int i2o_seq_show_ddm_identity(struct seq_file *seq, void *v)
1303 u8 pad[256]; // allow up to 256 byte (max) serial number 1306 u8 pad[256]; // allow up to 256 byte (max) serial number
1304 } result; 1307 } result;
1305 1308
1309 char tmp[24 + 1];
1310
1306 token = i2o_parm_field_get(d, 0xF101, -1, &result, sizeof(result)); 1311 token = i2o_parm_field_get(d, 0xF101, -1, &result, sizeof(result));
1307 1312
1308 if (token < 0) { 1313 if (token < 0) {
@@ -1312,9 +1317,9 @@ static int i2o_seq_show_ddm_identity(struct seq_file *seq, void *v)
1312 1317
1313 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid); 1318 seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid);
1314 seq_printf(seq, "Module name : %s\n", 1319 seq_printf(seq, "Module name : %s\n",
1315 chtostr(result.module_name, 24)); 1320 chtostr(tmp, result.module_name, 24));
1316 seq_printf(seq, "Module revision : %s\n", 1321 seq_printf(seq, "Module revision : %s\n",
1317 chtostr(result.module_rev, 8)); 1322 chtostr(tmp, result.module_rev, 8));
1318 1323
1319 seq_printf(seq, "Serial number : "); 1324 seq_printf(seq, "Serial number : ");
1320 print_serial_number(seq, result.serial_number, sizeof(result) - 36); 1325 print_serial_number(seq, result.serial_number, sizeof(result) - 36);
@@ -1338,6 +1343,8 @@ static int i2o_seq_show_uinfo(struct seq_file *seq, void *v)
1338 u8 instance_number[4]; 1343 u8 instance_number[4];
1339 } result; 1344 } result;
1340 1345
1346 char tmp[64 + 1];
1347
1341 token = i2o_parm_field_get(d, 0xF102, -1, &result, sizeof(result)); 1348 token = i2o_parm_field_get(d, 0xF102, -1, &result, sizeof(result));
1342 1349
1343 if (token < 0) { 1350 if (token < 0) {
@@ -1346,13 +1353,13 @@ static int i2o_seq_show_uinfo(struct seq_file *seq, void *v)
1346 } 1353 }
1347 1354
1348 seq_printf(seq, "Device name : %s\n", 1355 seq_printf(seq, "Device name : %s\n",
1349 chtostr(result.device_name, 64)); 1356 chtostr(tmp, result.device_name, 64));
1350 seq_printf(seq, "Service name : %s\n", 1357 seq_printf(seq, "Service name : %s\n",
1351 chtostr(result.service_name, 64)); 1358 chtostr(tmp, result.service_name, 64));
1352 seq_printf(seq, "Physical name : %s\n", 1359 seq_printf(seq, "Physical name : %s\n",
1353 chtostr(result.physical_location, 64)); 1360 chtostr(tmp, result.physical_location, 64));
1354 seq_printf(seq, "Instance number : %s\n", 1361 seq_printf(seq, "Instance number : %s\n",
1355 chtostr(result.instance_number, 4)); 1362 chtostr(tmp, result.instance_number, 4));
1356 1363
1357 return 0; 1364 return 0;
1358} 1365}