[dpdk-dev,v6,02/16] net/nfp: solve buffer overflow
Checks
Commit Message
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160:
23: error: ‘%s’ directive writing up to 99 bytes into a
region of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
Note fw_buf still has to increase somewhat even after
restricting serial[], since otherwise:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23:
error: ‘%s’ directive writing up to 99 bytes into a region
of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
^~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32:
err = nfp_fw_upload(dev, nsp, card_desc);
~~~~~~~~~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2:
note: ‘sprintf’ output between 25 and 124 bytes into a
destination of size 100
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
Signed-off-by: Andy Green <andy@warmcat.com>
Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/net/nfp/nfp_net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -3144,8 +3144,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
struct nfp_cpp *cpp = nsp->cpp;
int fw_f;
char *fw_buf;
- char fw_name[100];
- char serial[100];
+ char fw_name[125];
+ char serial[40];
struct stat file_stat;
off_t fsize, bytes;