mdadm/platform-intel: buffer overflow detected

mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme2n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)

It doesn't happen 100% and it depends on the building environment.
It can be fixed by replacing sprintf with snprintf.

Fixes: d835518b6b53 ('imsm: nvme multipath support')
Reported-by: Guang Wu <guazhang@redhat.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>

diff --git a/platform-intel.c b/platform-intel.c
index 15a9fa5ac160f9b5573a91edfce7878690c5ed1f..d6a535335ad19e509fb4a8dd905ed9ec57c2703c 100644 (file)
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -907,14 +907,14 @@ char *get_nvme_multipath_dev_hw_path(const char *dev_path)
                return NULL;
 
        for (ent = readdir(dir); ent; ent = readdir(dir)) {
-               char buf[strlen(dev_path) + strlen(ent->d_name) + 1];
+               char buf[PATH_MAX];
 
                /* Check if dir is a controller, ignore namespaces*/
                if (!(strncmp(ent->d_name, "nvme", 4) == 0) ||
                    (strrchr(ent->d_name, 'n') != &ent->d_name[0]))
                        continue;
 
-               sprintf(buf, "%s/%s", dev_path, ent->d_name);
+               snprintf(buf, PATH_MAX, "%s/%s", dev_path, ent->d_name);
                rp = realpath(buf, NULL);
                break;
        }