From owner-freebsd-bugs Sun Feb 23 15:50:06 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA10462 for bugs-outgoing; Sun, 23 Feb 1997 15:50:06 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA10456; Sun, 23 Feb 1997 15:50:03 -0800 (PST) Resent-Date: Sun, 23 Feb 1997 15:50:03 -0800 (PST) Resent-Message-Id: <199702232350.PAA10456@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, carol@tinker.com Received: from tinker.com (troll.tinker.com [204.214.7.146]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA10140 for ; Sun, 23 Feb 1997 15:44:29 -0800 (PST) Received: by localhost (8.7.5/8.7.3) Received: by mail.tinker.com via smap (V1.3) id sma001235; Sun Feb 23 17:55:17 1997 Received: by localhost (8.7.5/8.7.3) Message-Id: <199702232323.RAA29283@mailhub.tinker.com> Date: Sun, 23 Feb 1997 17:23:05 -0600 (CST) From: carol@tinker.com Reply-To: carol@tinker.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/2807: pcisupport.c uses sprintf field widths, not supported in kernel Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2807 >Category: kern >Synopsis: pcisupport.c uses sprintf field widths, not supported in kernel >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Feb 23 15:50:01 PST 1997 >Last-Modified: >Originator: Carol Lyn Deihl >Organization: Shrier and Deihl >Release: FreeBSD 2.1.7-RELEASE i386 >Environment: using PCI devices >Description: In 2.1.6 /usr/src/sys/pci/pcisupport.c was modified to ensure that the sprintf format string PPB_DESCR wouldn't overrun the space malloc'd for it. However, the modification uses sprintf field widths (e.g. %04x), which are not supported in the kernel's sprintf. At boot time, the string printed on the console still has the field width specifiers (since they weren't recognized by kernel's sprintf), instead of the desired data. At least it's guaranteed not to overrun the malloc'd buffer :-). This problem still exists in 2.1.7. >How-To-Repeat: Boot with PCI devices installed. >Fix: Here is a suggested patch that doesn't rely on field width specifiers and also guarantees no overrun: pcisupport.patch - patch to fix sprintf format string because kernel's sprintf doesn't understand field widths (e.g. %04x) Carol Deihl 1997/02/23 To apply these patches, copy this file to SOMEWHERE cd /usr/src patch > 16) & 0xffff, (classreg >> 16) & 0xff); --- 96,106 ---- unsigned id = pci_conf_read (tag, PCI_ID_REG); ! descr = malloc (sizeof PPB_DESCR /* includes the nul */ ! + 4 /* for vendor */ ! + 4 /* for device */ ! + 3 /* for subclass */ ! + 1 /* for just in case */, M_DEVBUF, M_WAITOK); if (descr) { sprintf (descr, PPB_DESCR, id & 0xffff, (id >> 16) & 0xffff, (classreg >> 16) & 0xff); >Audit-Trail: >Unformatted: