staging: rtl8723bs: ensure cmd is large enough for %4s scanf format

char array cmd is being scanned in using a %4s scanf format specifier and so cmd must be an array of 5 chars. Increase size to 5 chars to ensure we don't have an overflow. Detected with static analysis by cppcheck: "(error) Width 4 given in format string (no. 1) is larger than destination buffer 'cmd[4]', use %3s to prevent overflowing it." Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: rtl8723bs: ensure cmd is large enough for %4s scanf format
char array cmd is being scanned in using a %4s scanf format specifier and so cmd must be an array of 5 chars. Increase size to 5 chars to ensure we don't have an overflow. Detected with static analysis by cppcheck: "(error) Width 4 given in format string (no. 1) is larger than destination buffer 'cmd[4]', use %3s to prevent overflowing it." Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2e85ccf1 · Colin Ian King · Greg Kroah-Hartman · 73bd2eaa · 2e85ccf1
Commit 2e85ccf1 authored Apr 11, 2017 by Colin Ian King Committed by Greg Kroah-Hartman Apr 14, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/staging/rtl8723bs/os_dep/rtw_proc.c drivers/staging/rtl8723bs/os_dep/rtw_proc.c +1 -1

No files found.
--- a/drivers/staging/rtl8723bs/os_dep/rtw_proc.c
+++ b/drivers/staging/rtl8723bs/os_dep/rtw_proc.c
@@ -295,7 +295,7 @@ static ssize_t proc_set_cam(struct file *file, const char __user *buffer, size_t
 	struct adapter *adapter;

 	char tmp[32];
-	char cmd[4];
+	char cmd[5];
 	u8 id;

 	adapter = (struct adapter *)rtw_netdev_priv(dev);