From b4f1b67be99d6eda8f2f252460905858ace871ef Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Fri, 11 Dec 2009 08:43:15 -0600 Subject: kgdbts: Read buffer overflow Prevent write to put_buf[BUFMAX] in kgdb test suite. If put_buf_cnt was BUFMAX - 1 at the earlier test, `\0' is written to put_buf[BUFMAX]. Signed-off-by: Roel Kluin Signed-off-by: Jason Wessel --- drivers/misc/kgdbts.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'drivers/misc/kgdbts.c') diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c index e4ff50b95a5..2ab04923d70 100644 --- a/drivers/misc/kgdbts.c +++ b/drivers/misc/kgdbts.c @@ -712,6 +712,12 @@ static int run_simple_test(int is_get_char, int chr) /* End of packet == #XX so look for the '#' */ if (put_buf_cnt > 3 && put_buf[put_buf_cnt - 3] == '#') { + if (put_buf_cnt >= BUFMAX) { + eprintk("kgdbts: ERROR: put buffer overflow on" + " '%s' line %i\n", ts.name, ts.idx); + put_buf_cnt = 0; + return 0; + } put_buf[put_buf_cnt] = '\0'; v2printk("put%i: %s\n", ts.idx, put_buf); /* Trigger check here */ -- cgit v1.2.3-70-g09d2