Date: Sun, 23 Feb 1997 17:23:05 -0600 (CST)
From: carol@tinker.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/2807: pcisupport.c uses sprintf field widths, not supported in kernel
Message-ID: <199702232323.RAA29283@mailhub.tinker.com>
Resent-Message-ID: <199702232350.PAA10456@freefall.freebsd.org>
>Number: 2807
>Category: kern
>Synopsis: pcisupport.c uses sprintf field widths, not supported in kernel
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 23 15:50:01 PST 1997
>Last-Modified:
>Originator: Carol Lyn Deihl
>Organization: Shrier and Deihl
>Release: FreeBSD 2.1.7-RELEASE i386
>Environment:
using PCI devices
>Description:
In 2.1.6 /usr/src/sys/pci/pcisupport.c was modified to ensure that the sprintf format string PPB_DESCR wouldn't overrun the space malloc'd for it. However, the modification uses sprintf field widths (e.g. %04x), which are not supported in the kernel's sprintf.

At boot time, the string printed on the console still has the field width specifiers (since they weren't recognized by kernel's sprintf), instead of the desired data. At least it's guaranteed not to overrun the malloc'd buffer :-).

This problem still exists in 2.1.7.
>How-To-Repeat:
Boot with PCI devices installed.
>Fix:
Here is a suggested patch that doesn't rely on field width specifiers and also guarantees no overrun:

pcisupport.patch - patch to fix sprintf format string because kernel's sprintf doesn't understand field widths (e.g. %04x)
Carol Deihl <carol@tinker.com>
1997/02/23

To apply these patches,
copy this file to SOMEWHERE
cd /usr/src
patch <SOMEWHERE/pcisupport.patch

Index: sys/pci/pcisupport.c =================================================================== *** pcisupport.c Mon Sep 16 03:52:18 1996 --- pcisupport.c Sun Feb 23 17:05:23 1997 *************** *** 83,89 **** }; /* make sure formats expand to at least as many chars !!! */ ! #define PPB_DESCR "generic PCI bridge (vendor=%04x device=%04x subclass=%1.2d)" static char* generic_pci_bridge (pcici_t tag) --- 83,90 ---- }; /* make sure formats expand to at least as many chars !!! */ ! /* if you change this string, check the sizeof stuff in the malloc below !!! */ ! 
#define PPB_DESCR "generic PCI bridge (vendor=%x device=%x subclass=%d)" static char* generic_pci_bridge (pcici_t tag) *************** *** 95,101 **** unsigned id = pci_conf_read (tag, PCI_ID_REG); ! descr = malloc (sizeof PPB_DESCR +1, M_DEVBUF, M_WAITOK); if (descr) { sprintf (descr, PPB_DESCR, id & 0xffff, (id >> 16) & 0xffff, (classreg >> 16) & 0xff); --- 96,106 ---- unsigned id = pci_conf_read (tag, PCI_ID_REG); ! descr = malloc (sizeof PPB_DESCR /* includes the nul */ ! + 4 /* for vendor */ ! + 4 /* for device */ ! + 3 /* for subclass */ ! + 1 /* for just in case */, M_DEVBUF, M_WAITOK); if (descr) { sprintf (descr, PPB_DESCR, id & 0xffff, (id >> 16) & 0xffff, (classreg >> 16) & 0xff); >Audit-Trail: >Unformatted:
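Review bot: In the first hunk (the PPB_DESCR define) the unchanged comment "make sure formats expand to at least as many chars !!!" is left in place above the new string, but it is no longer the invariant that protects the buffer: a two-character "%x" can now print up to four characters, so the output can be longer than the format text. Delete or reword the old comment so that only the new "check the sizeof stuff in the malloc below" rule remains, ideally stating the worst-case width of each conversion next to the define. Dropping the widths also means the console line is no longer zero-padded (vendor=%x instead of vendor=%04x); that is worth a sentence in the patch description if it is intended.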
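Review bot: In the second hunk (the malloc size) the constants 4, 4 and 3 are correct only because of the masks in the sprintf call just below it (0xffff, 0xffff and 0xff, giving at most 4 hex digits, 4 hex digits and 3 decimal digits), and nothing in the comments says so. Tie each constant to its mask, e.g. "+ 4 /* vendor: id & 0xffff, max 4 hex digits */", so that a later change to a mask or conversion gets checked against the allocation. The "+ 1 /* for just in case */" term is not needed: sizeof PPB_DESCR already counts the NUL and the six characters of the three conversion specifiers that the output replaces, so the buffer has slack without it. Drop it, or replace the comment with the actual worst-case length.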