[PATCH v3] drm: Fix potential overflow issue in event_string array

jiangfeng@kylinos.cn posted 1 patch 10 months ago
drivers/gpu/drm/drm_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH v3] drm: Fix potential overflow issue in event_string array
Posted by jiangfeng@kylinos.cn 10 months ago
From: Feng Jiang <jiangfeng@kylinos.cn>

When calling scnprintf() to append recovery method to event_string,
the second argument should be `sizeof(event_string) - len`, otherwise
there is a potential overflow problem.

Fixes: b7cf9f4ac1b8 ("drm: Introduce device wedged event")
Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
---
v3:
- update the subject

v2:
- update commit message
- keep scnprintf() as a single line
---
 drivers/gpu/drm/drm_drv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 17fc5dc708f4..60e5ac179c15 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -549,7 +549,7 @@ int drm_dev_wedged_event(struct drm_device *dev, unsigned long method)
 		if (drm_WARN_ONCE(dev, !recovery, "invalid recovery method %u\n", opt))
 			break;
 
-		len += scnprintf(event_string + len, sizeof(event_string), "%s,", recovery);
+		len += scnprintf(event_string + len, sizeof(event_string) - len, "%s,", recovery);
 	}
 
 	if (recovery)
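Review bot: the commit message says only "potential overflow", and it would help to spell out the mechanism visible on the changed scnprintf() line: the destination is `event_string + len` while the old bound was the full `sizeof(event_string)`, so on every append after the first the bound overstated the remaining space by `len` bytes. The new bound is safe from underflow because scnprintf() returns the number of characters actually stored, excluding the NUL, so `len` never exceeds `sizeof(event_string) - 1` and `sizeof(event_string) - len` stays at least 1. It would also be worth stating in the message whether the recovery strings that can be appended here are able to exceed the buffer today, since that determines how urgent the backport is.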
-- 
2.25.1
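The size-argument mistake described in the commit message, reproduced in userspace as an added example (not code from the patch or the kernel tree). `scnprintf_like()` is a stand-in for the kernel's scnprintf(); the buffer size, the guard arena and the method strings are constructed so that any write past the logical buffer lands in a guard region and can be counted.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define BUF_SZ   16   /* logical size of event_string (constructed value) */
#define ARENA_SZ 64   /* backing store, so out-of-bounds writes stay observable */
#define CANARY   0xA5

struct result { size_t len; size_t clobbered; };

/* Userspace stand-in for the kernel's scnprintf(): returns the characters
 * actually stored, excluding the NUL, never more than size - 1. */
static int scnprintf_like(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0 || size == 0)
		return 0;
	return (size_t)n >= size ? (int)(size - 1) : n;
}

/* fixed == 0: bound is the whole buffer; fixed == 1: bound is what remains. */
static struct result append_methods(int fixed)
{
	static const char *const methods[] = { "first", "second", "third" }; /* constructed */
	unsigned char arena[ARENA_SZ];
	char *event_string = (char *)arena;   /* first BUF_SZ bytes are the "real" buffer */
	struct result r = { 0, 0 };
	size_t i;
	memset(arena, CANARY, sizeof(arena));
	for (i = 0; i < 3; i++) {
		size_t bound = fixed ? BUF_SZ - r.len : BUF_SZ;
		r.len += scnprintf_like(event_string + r.len, bound, "%s,", methods[i]);
	}
	for (i = BUF_SZ; i < ARENA_SZ; i++)   /* count guard bytes that were overwritten */
		r.clobbered += (arena[i] != CANARY);
	return r;
}

int main(void)
{
	struct result a = append_methods(0), b = append_methods(1);
	printf("old bound: len=%zu, bytes past buffer=%zu\n", a.len, a.clobbered);
	printf("new bound: len=%zu, bytes past buffer=%zu\n", b.len, b.clobbered);
}
```

With the old bound the third append writes four bytes beyond the 16-byte buffer; with the remaining-space bound the string is truncated and `len` stops at 15.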
Re: [PATCH v3] drm: Fix potential overflow issue in event_string array
Posted by Raag Jadav 10 months ago
On Wed, Apr 09, 2025 at 09:46:33AM +0800, jiangfeng@kylinos.cn wrote:
> From: Feng Jiang <jiangfeng@kylinos.cn>
> 
> When calling scnprintf() to append recovery method to event_string,
> the second argument should be `sizeof(event_string) - len`, otherwise
> there is a potential overflow problem.
> 
> Fixes: b7cf9f4ac1b8 ("drm: Introduce device wedged event")
> Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>

Reviewed-by: Raag Jadav <raag.jadav@intel.com>

Thanks for the fix.
Re: [PATCH v3] drm: Fix potential overflow issue in event_string array
Posted by Raag Jadav 9 months, 1 week ago
On Wed, Apr 09, 2025 at 09:24:41AM +0300, Raag Jadav wrote:
> On Wed, Apr 09, 2025 at 09:46:33AM +0800, jiangfeng@kylinos.cn wrote:
> > From: Feng Jiang <jiangfeng@kylinos.cn>
> > 
> > When calling scnprintf() to append recovery method to event_string,
> > the second argument should be `sizeof(event_string) - len`, otherwise
> > there is a potential overflow problem.
> > 
> > Fixes: b7cf9f4ac1b8 ("drm: Introduce device wedged event")
> > Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
> 
> Reviewed-by: Raag Jadav <raag.jadav@intel.com>
> 
> Thanks for the fix.

This one seems to have got lost in the noise but is important for 6.15.
Any takers?

Raag
Re: [PATCH v3] drm: Fix potential overflow issue in event_string array
Posted by Rodrigo Vivi 9 months, 1 week ago
On Thu, May 01, 2025 at 03:22:25PM +0300, Raag Jadav wrote:
> On Wed, Apr 09, 2025 at 09:24:41AM +0300, Raag Jadav wrote:
> > On Wed, Apr 09, 2025 at 09:46:33AM +0800, jiangfeng@kylinos.cn wrote:
> > > From: Feng Jiang <jiangfeng@kylinos.cn>
> > > 
> > > When calling scnprintf() to append recovery method to event_string,
> > > the second argument should be `sizeof(event_string) - len`, otherwise
> > > there is a potential overflow problem.
> > > 
> > > Fixes: b7cf9f4ac1b8 ("drm: Introduce device wedged event")
> > > Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>
> > 
> > Reviewed-by: Raag Jadav <raag.jadav@intel.com>
> > 
> > Thanks for the fix.
> 
> This one seems to have got lost in the noise but is important for 6.15.
> Any takers?

pushed to drm-misc-fixes

> 
> Raag
Re: [PATCH v3] drm: Fix potential overflow issue in event_string array
Posted by André Almeida 10 months ago
On 08/04/2025 22:46, jiangfeng@kylinos.cn wrote:
> From: Feng Jiang <jiangfeng@kylinos.cn>
> 
> When calling scnprintf() to append recovery method to event_string,
> the second argument should be `sizeof(event_string) - len`, otherwise
> there is a potential overflow problem.
> 
> Fixes: b7cf9f4ac1b8 ("drm: Introduce device wedged event")
> Signed-off-by: Feng Jiang <jiangfeng@kylinos.cn>

Reviewed-by: André Almeida <andrealmeid@igalia.com>