mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-24 07:46:48 +00:00
3848e6a246
vsnprintf returns the number of chars that would have been written, not the actual number of chars written. This can lead to crashlog_buf->len being too big which in turn can lead to get_maxlen() returning negative numbers. The length argument of kmsg_dump_get_buffer will be casted to a size_t which makes a negative input a big positive number allowing kmsg_dump_get_buffer to write out of bounds. Fix this by using vscnprintf which returns the actually written number of chars. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 37820 |
||
---|---|---|
.. | ||
base-files | ||
files | ||
image | ||
patches-3.3 | ||
patches-3.6 | ||
patches-3.8 | ||
patches-3.9 | ||
patches-3.10 | ||
config-3.3 | ||
config-3.6 | ||
config-3.8 | ||
config-3.9 | ||
config-3.10 | ||
PATCHES |