From 200115bc8145b7f5c7a06aa2c57a1a10b60da17d Mon Sep 17 00:00:00 2001 From: Andreas Dilger Date: Fri, 9 Mar 2018 16:18:53 -0700 Subject: [PATCH] LU-10264 misc: fix possible array overflow Fix a static analysis error. lustre/obdclass/obd_mount_server.c:1830 in osd_start(), buffer flagstr has size 16 but length of format string "%lu:%lu" is 31. Increase the size of buffer to hold maximal-sized strings plus NUL. Test-Parameters: trivial Signed-off-by: Andreas Dilger Change-Id: I3cc80d66bbb537161a561f4f2ba7830dde2cab07 Reviewed-on: https://review.whamcloud.com/32242 Tested-by: Jenkins Tested-by: Maloo Reviewed-by: Dmitry Eremin Reviewed-by: James Simmons Reviewed-by: Oleg Drokin --- lustre/obdclass/obd_mount_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lustre/obdclass/obd_mount_server.c b/lustre/obdclass/obd_mount_server.c index c65cb53..a4f0e4b 100644 --- a/lustre/obdclass/obd_mount_server.c +++ b/lustre/obdclass/obd_mount_server.c @@ -1814,10 +1814,10 @@ static int server_fill_super_common(struct super_block *sb) static int osd_start(struct lustre_sb_info *lsi, unsigned long mflags) { struct lustre_mount_data *lmd = lsi->lsi_lmd; - struct obd_device *obd; - struct dt_device_param p; - char flagstr[16]; - int rc; + struct obd_device *obd; + struct dt_device_param p; + char flagstr[20 + 1 + 10 + 1]; + int rc; ENTRY; CDEBUG(D_MOUNT, @@ -1827,7 +1827,7 @@ static int osd_start(struct lustre_sb_info *lsi, unsigned long mflags) sprintf(lsi->lsi_osd_obdname, "%s-osd", lsi->lsi_svname); strcpy(lsi->lsi_osd_uuid, lsi->lsi_osd_obdname); strcat(lsi->lsi_osd_uuid, "_UUID"); - sprintf(flagstr, "%lu:%lu", mflags, (unsigned long) lmd->lmd_flags); + snprintf(flagstr, sizeof(flagstr), "%lu:%u", mflags, lmd->lmd_flags); obd = class_name2obd(lsi->lsi_osd_obdname); if (obd == NULL) { -- 1.8.3.1