Lines Matching refs:id_string

4 Subject: [PATCH] fru, sdr: Fix id_string buffer overflows
9 9 variants of stack buffer overflow when parsing `id_string` field of
12 SDR record structs have an `id_code` field, and an `id_string` `char`
15 The length of `id_string` is calculated as `(id_code & 0x1f) + 1`,
38 -	memcpy(desc, fru->id_string, fru->id_code & 0x01f);
39 +	memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
51 -	snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
52 +	snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
60 -	snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
61 +	snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
69 -	snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
70 +	snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
78 -	snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
79 +	snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
87 +   const char *id_string;
95 -               (const char *)record.full->id_string);
97 +      id_string = record.full->id_string;
103 -               (const char *)record.compact->id_string);
105 +      id_string = record.compact->id_string;
111 -               (const char *)record.eventonly->id_string);
114 +      id_string = record.eventonly->id_string;
120 -               (const char *)record.mcloc->id_string);		
122 +      id_string = record.mcloc->id_string;
131 +       snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);