From: Tejun Heo Date: Thu, 14 Feb 2008 01:32:07 +0000 (+0900) Subject: printk: fix possible printk overrun X-Git-Tag: v2.6.25-rc4~161 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf3680b90c7842cf91ed857ac4528f4e057da366;p=linux-2.6 printk: fix possible printk overrun printk recursion detection prepends message to printk_buf and offsets printk_buf when actual message is printed but it forgets to trim buffer length accordingly. This can result in overrun in extreme cases. Fix it. [ mingo@elte.hu: bug was introduced by me via: commit 32a76006683f7b28ae3cc491da37716e002f198e Author: Ingo Molnar Date: Fri Jan 25 21:07:58 2008 +0100 printk: make printk more robust by not allowing recursion ] Signed-off-by: Tejun Heo Signed-off-by: Ingo Molnar Signed-off-by: Linus Torvalds --- diff --git a/kernel/printk.c b/kernel/printk.c index bee36100f1..9adc2a473e 100644 --- a/kernel/printk.c +++ b/kernel/printk.c @@ -666,7 +666,7 @@ asmlinkage int vprintk(const char *fmt, va_list args) } /* Emit the output into the temporary buffer */ printed_len += vscnprintf(printk_buf + printed_len, - sizeof(printk_buf), fmt, args); + sizeof(printk_buf) - printed_len, fmt, args); /* * Copy the output into log_buf. If the caller didn't provide