Date: Tue, 5 Jan 2016 10:25:22 +0000 (UTC) From: Ulrich Spoerlein <uqs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r293193 - head/sys/dev/asmc Message-ID: <201601051025.u05APMcf079491@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: uqs Date: Tue Jan 5 10:25:22 2016 New Revision: 293193 URL: https://svnweb.freebsd.org/changeset/base/293193 Log: Fix undefined behavior when using asmc_fan_getstring() It was returning a pointer to stack-allocated memory, so make the allocation at the caller instead. Found by: clang static analyzer Coverity: CID 1245774 Reviewed by: ed, rpaulo Review URL: https://reviews.freebsd.org/D4740 Modified: head/sys/dev/asmc/asmc.c Modified: head/sys/dev/asmc/asmc.c ============================================================================== --- head/sys/dev/asmc/asmc.c Tue Jan 5 09:18:43 2016 (r293192) +++ head/sys/dev/asmc/asmc.c Tue Jan 5 10:25:22 2016 (r293193) @@ -963,14 +963,13 @@ asmc_fan_getvalue(device_t dev, const ch } static char* -asmc_fan_getstring(device_t dev, const char *key, int fan) +asmc_fan_getstring(device_t dev, const char *key, int fan, uint8_t *buf, uint8_t buflen) { - uint8_t buf[16]; char fankey[5]; char* desc; snprintf(fankey, sizeof(fankey), key, fan); - if (asmc_key_read(dev, fankey, buf, sizeof buf) < 0) + if (asmc_key_read(dev, fankey, buf, buflen) < 0) return (NULL); desc = buf+4; @@ -1012,12 +1011,13 @@ asmc_mb_sysctl_fanspeed(SYSCTL_HANDLER_A static int asmc_mb_sysctl_fanid(SYSCTL_HANDLER_ARGS) { + uint8_t buf[16]; device_t dev = (device_t) arg1; int fan = arg2; int error = true; char* desc; - desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan); + desc = asmc_fan_getstring(dev, ASMC_KEY_FANID, fan, buf, sizeof(buf)); if (desc != NULL) error = sysctl_handle_string(oidp, desc, 0, req);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601051025.u05APMcf079491>