Unverified Commit b662b162 authored by Feng Jiang's avatar Feng Jiang Committed by Rodrigo Vivi
Browse files

drm: Fix potential overflow issue in event_string array 



When calling scnprintf() to append recovery method to event_string,
the second argument should be `sizeof(event_string) - len`, otherwise
there is a potential overflow problem.

Fixes: b7cf9f4a ("drm: Introduce device wedged event")
Signed-off-by: default avatarFeng Jiang <jiangfeng@kylinos.cn>
Reviewed-by: default avatarAndré Almeida <andrealmeid@igalia.com>
Reviewed-by: default avatarRaag Jadav <raag.jadav@intel.com>
Link: https://lore.kernel.org/r/20250409014633.31303-1-jiangfeng@kylinos.cn


Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
parent 75680b7c

drivers/gpu/drm/drm_drv.c

+1 −1
Original line number Diff line number Diff line
@@ -549,7 +549,7 @@ int drm_dev_wedged_event(struct drm_device *dev, unsigned long method) 
		if (drm_WARN_ONCE(dev, !recovery, "invalid recovery method %u\n", opt))

			break;



		len += scnprintf(event_string + len, sizeof(event_string), "%s,", recovery);

		len += scnprintf(event_string + len, sizeof(event_string) - len, "%s,", recovery);

	}



	if (recovery)