drm/ttm: make sure format string cannot leak in
author Kees Cook <keescook@chromium.org>
Thu, 11 Sep 2014 20:53:54 +0000 (13:53 -0700)
committer Dave Airlie <airlied@redhat.com>
Wed, 17 Sep 2014 01:15:01 +0000 (11:15 +1000)

While zone->name is currently hard coded, the call to kobject_init_and_add()
should follow the more defensive argument list usage (as already done in
other places in ttm_memory.c) where "%s" is used instead of directly passing
in a variable as a format string.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
drivers/gpu/drm/ttm/ttm_memory.c

index dbc2def..a1803fb 100644 (file)
@@ -300,7 +300,8 @@ static int ttm_mem_init_highmem_zone(struct ttm_mem_global *glob,
        zone->glob = glob;
        glob->zone_highmem = zone;
        ret = kobject_init_and_add(
-               &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
+               &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s",
+               zone->name);
        if (unlikely(ret != 0)) {
                kobject_put(&zone->kobj);
                return ret;
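
Review bot: The commit message should say whether the kobject_init_and_add() call in ttm_mem_init_highmem_zone() was the last one in ttm_memory.c still passing a variable as the format argument. It says only that "%s" is "already done in other places", and this hunk touches a single call site, so a reader cannot confirm from the patch alone that the file is now consistent. The change itself is correct: the fourth parameter of kobject_init_and_add() is a printf-style format, so passing "%s" with zone->name as its argument keeps any '%' in the name from being interpreted, and the existing kobject_put() on the error path is unaffected. Since zone->name is hard coded today, it would also help to state in the message that this is hardening rather than a fix for a reachable bug, so it is not mistaken for a backport candidate.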