From f5a6fa189ad2e73d25e31de3cc7f0bf81907c986 Mon Sep 17 00:00:00 2001 From: Josephine Pfeiffer Date: Wed, 1 Oct 2025 19:40:46 +0200 Subject: [PATCH] KVM: s390: Replace sprintf with snprintf for buffer safety Replace sprintf() with snprintf() when formatting debug names to prevent potential buffer overflow. The debug_name buffer is 16 bytes, and while unlikely to overflow with current PIDs, using snprintf() provides proper bounds checking. Signed-off-by: Josephine Pfeiffer [frankja@linux.ibm.com: Fixed subject prefix] Signed-off-by: Janosch Frank --- arch/s390/kvm/kvm-s390.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 677aa5c7d226b..70ebc54b1bb11 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -3348,7 +3348,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) if (!kvm->arch.sca) goto out_err; - sprintf(debug_name, "kvm-%u", current->pid); + snprintf(debug_name, sizeof(debug_name), "kvm-%u", current->pid); kvm->arch.dbf = debug_register(debug_name, 32, 1, 7 * sizeof(long)); if (!kvm->arch.dbf) -- 2.47.3