From 78d2a32a94ec50de04bf7ccbbe32e92ecccdc415 Mon Sep 17 00:00:00 2001
From: Richard Cochran
Date: Sun, 21 May 2017 21:17:03 +0200
Subject: [PATCH] clock: Fix poor snprintf() handling.
The calls to snprintf() to format /dev/phc%d use the wrong pattern. That function always properly terminates the string with null. However, the code passes a hard coded length of 31 to static arrays of length 32. While this is not a bug, there are two issues here. First, any (improbable) future increase in the array lengths would have to also remember to fix up the snprintf() call site as well. Secondly, the pattern of using buf[N] and then length=N-1 is appropriate for strncpy(), but is useless for snprintf().
Signed-off-by: Richard Cochran
Reported-by: Petr Kulhavy
---
 clock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/clock.c b/clock.c
index 629a160..b6afba9 100644
--- a/clock.c
+++ b/clock.c
@@ -1053,7 +1053,7 @@ struct clock *clock_create(enum clock_type type, struct config *config,
 c->utc_timescale = 1;
 }
 } else if (phc_index >= 0) {
- snprintf(phc, 31, "/dev/ptp%d", phc_index);
+ snprintf(phc, sizeof(phc), "/dev/ptp%d", phc_index);
 c->clkid = phc_open(phc);
 if (c->clkid == CLOCK_INVALID) {
 pr_err("Failed to open %s: %m", phc);
@@ -1589,7 +1589,7 @@ int clock_switch_phc(struct clock *c, int phc_index)
 clockid_t clkid;
 char phc[32];
- snprintf(phc, 31, "/dev/ptp%d", phc_index);
+ snprintf(phc, sizeof(phc), "/dev/ptp%d", phc_index);
 clkid = phc_open(phc);
 if (clkid == CLOCK_INVALID) {
 pr_err("Switching PHC, failed to open %s: %m", phc);
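Review bot: In the clock_create hunk the declaration of `phc` is outside the visible lines, so `sizeof(phc)` is the buffer length only if `phc` is a real array there, as `char phc[32]` is in clock_switch_phc. The commit message says both are arrays, but if either ever became a pointer or a parameter, the bound would silently shrink to the pointer size and a truncated device path would go straight to `phc_open()`. The return value of snprintf() is also ignored in both hunks. The longest possible "/dev/ptp%d" output fits in 32 bytes today, so this is a guard against future change, not a current bug. It could be done with `int n = snprintf(phc, sizeof(phc), "/dev/ptp%d", phc_index);` followed by `if (n < 0 || (size_t)n >= sizeof(phc))` taking the existing failure path. Both function bodies start and end outside their hunks, so the error paths themselves are not visible here.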