LU-10264 misc: fix possible array overflow

Fix a static analysis error.

lustre/obdclass/obd_mount_server.c:1830 in osd_start(), buffer
    flagstr has size 16 but length of format string "%lu:%lu" is 31.
Increase the size of buffer to hold maximal-sized strings plus NUL.

Test-Parameters: trivial
Signed-off-by: Andreas Dilger <andreas.dilger@intel.com>
Change-Id: I3cc80d66bbb537161a561f4f2ba7830dde2cab07
Reviewed-on: https://review.whamcloud.com/32242
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/obdclass/obd_mount_server.c b/lustre/obdclass/obd_mount_server.c
index c65cb53..a4f0e4b 100644 (file)
--- a/lustre/obdclass/obd_mount_server.c
+++ b/lustre/obdclass/obd_mount_server.c
@@ -1814,10 +1814,10 @@ static int server_fill_super_common(struct super_block *sb)
 static int osd_start(struct lustre_sb_info *lsi, unsigned long mflags)
 {
        struct lustre_mount_data *lmd = lsi->lsi_lmd;
-       struct obd_device        *obd;
-       struct dt_device_param    p;
-       char                      flagstr[16];
-       int                       rc;
+       struct obd_device *obd;
+       struct dt_device_param p;
+       char flagstr[20 + 1 + 10 + 1];
+       int rc;
        ENTRY;
 
        CDEBUG(D_MOUNT,
@@ -1827,7 +1827,7 @@ static int osd_start(struct lustre_sb_info *lsi, unsigned long mflags)
        sprintf(lsi->lsi_osd_obdname, "%s-osd", lsi->lsi_svname);
        strcpy(lsi->lsi_osd_uuid, lsi->lsi_osd_obdname);
        strcat(lsi->lsi_osd_uuid, "_UUID");
-       sprintf(flagstr, "%lu:%lu", mflags, (unsigned long) lmd->lmd_flags);
+       snprintf(flagstr, sizeof(flagstr), "%lu:%u", mflags, lmd->lmd_flags);
 
        obd = class_name2obd(lsi->lsi_osd_obdname);
        if (obd == NULL) {