From patchwork Thu Apr  8 01:51:42 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Grant Likely <grant.likely@secretlab.ca>
X-Patchwork-Id: 49683
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 0FC6EB7D0F
	for <incoming@patchwork.ozlabs.org>;
	Thu,  8 Apr 2010 11:53:51 +1000 (EST)
Received: from localhost ([127.0.0.1]:43602 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NzgvU-0007kX-IL
	for incoming@patchwork.ozlabs.org; Wed, 07 Apr 2010 21:53:00 -0400
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NzguN-0007iH-Kv
	for qemu-devel@nongnu.org; Wed, 07 Apr 2010 21:51:51 -0400
Received: from [140.186.70.92] (port=56532 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NzguM-0007hT-GM
	for qemu-devel@nongnu.org; Wed, 07 Apr 2010 21:51:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <grant.likely@secretlab.ca>) id 1NzguK-0002vA-L8
	for qemu-devel@nongnu.org; Wed, 07 Apr 2010 21:51:50 -0400
Received: from mail-pv0-f173.google.com ([74.125.83.173]:59104)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <grant.likely@secretlab.ca>) id 1NzguK-0002v4-GI
	for qemu-devel@nongnu.org; Wed, 07 Apr 2010 21:51:48 -0400
Received: by pvd12 with SMTP id 12so154833pvd.4
	for <qemu-devel@nongnu.org>; Wed, 07 Apr 2010 18:51:47 -0700 (PDT)
Received: by 10.140.251.8 with SMTP id y8mr958851rvh.231.1270691506451;
	Wed, 07 Apr 2010 18:51:46 -0700 (PDT)
Received: from angua (S01060002b3d79728.cg.shawcable.net [70.72.87.49])
	by mx.google.com with ESMTPS id 23sm4109029pzk.6.2010.04.07.18.51.44
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Wed, 07 Apr 2010 18:51:45 -0700 (PDT)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by angua (Postfix) with ESMTP id E0077575E;
	Wed,  7 Apr 2010 19:51:42 -0600 (MDT)
From: Grant Likely <grant.likely@secretlab.ca>
To: qemu-devel@nongnu.org, devicetree-discuss@lists.ozlabs.org,
	jeremy.kerr@canonical.com
Date: Wed, 07 Apr 2010 19:51:42 -0600
Message-ID: <20100408015013.18100.89239.stgit@angua>
User-Agent: StGIT/0.14.2
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
Cc: 
Subject: [Qemu-devel] [RFC PATCH] devicetree: Fix buffer overflow on setting
	device node name
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Fix bug where temporary buffer for sprintf() was not large enough
when setting a device tree node name.

Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
---

Hi Jeremy.  Here's the fix I promised.  With this change your current tree
works beautifully.  I've pushed out the kernel that works with this QEMU
branch to my Linux kernel git tree:

git://git.secretlab.ca/git/linux-2.6 test-devicetree

Cheers,
g.

 hw/qdev.c   |    2 +-
 hw/sysbus.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/qdev.c b/hw/qdev.c
index caa5b35..36582ec 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -868,7 +868,7 @@ static int qdev_fdt_add_device(void *fdt, DeviceState *dev, int bus_offset)
 {
     BusState *child;
     int dev_offset, rc;
-    char name[sizeof(dev->info->name) + 9];
+    char name[sizeof(dev->info->name) + 20];
     static int unique = 0;
 
     sprintf(name, "%s@%x", dev->info->name, unique++);
diff --git a/hw/sysbus.c b/hw/sysbus.c
index c63deef..c17d12d 100644
--- a/hw/sysbus.c
+++ b/hw/sysbus.c
@@ -230,7 +230,7 @@ static int sysbus_fdt_populate_node(DeviceState *dev, void *fdt, int offset)
     for (i = 0; i < s->num_mmio; i++) {
         /* By convention, the name is appended with '@<first reg addr>' */
         if (i == 0) {
-            char n[sizeof(dev->info->name) + 10];
+            char n[sizeof(dev->info->name) + 20];
             sprintf(n, "%s@%x", dev->info->name, (uint32_t)s->mmio[i].addr);
             rc = fdt_set_name(fdt, offset, n);
             if (rc < 0)