From f8e4393ace25161d0426f30b531b0860ff89aabf Mon Sep 17 00:00:00 2001
From: Nitin Kumbhar <nkumbhar@nvidia.com>
Date: Wed, 25 Sep 2019 14:27:57 +0530
Subject: [PATCH] gpu: nvgpu: fix possible buffer overflow issue

As sprintf() is used to populate pool_name[20], it can overflow
for larger u32 values (u32 max decimal number chars are 10) i.e.
20 < strlen("semaphore_pool-") i.e. 15 + 10.

Fix this overflow by removing pool_name as it's not used.

Bug 2626446

Change-Id: I4e0a222a2cd34dcd09e69294bc46e2242abb04bb
Signed-off-by: Nitin Kumbhar <nkumbhar@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2205356
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com>
Reviewed-by: Automatic_Commit_Validation_User
Reviewed-by: Deepak Nibade <dnibade@nvidia.com>
Reviewed-by: Alex Waterman <alexw@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Ankur Kishore <ankkishore@nvidia.com>
Reviewed-by: Seshendra Gadagottu <sgadagottu@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/common/sync/channel_sync_semaphore.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/gpu/nvgpu/common/sync/channel_sync_semaphore.c b/drivers/gpu/nvgpu/common/sync/channel_sync_semaphore.c
index 710c06826..922911354 100644
--- a/drivers/gpu/nvgpu/common/sync/channel_sync_semaphore.c
+++ b/drivers/gpu/nvgpu/common/sync/channel_sync_semaphore.c
@@ -337,7 +337,6 @@ nvgpu_channel_sync_semaphore_create(
 {
 	struct nvgpu_channel_sync_semaphore *sema;
 	struct gk20a *g = c->g;
-	char pool_name[20];
 	int asid = -1;
 	int err;
 
@@ -352,7 +351,6 @@ nvgpu_channel_sync_semaphore_create(
 	}
 	sema->c = c;
 
-	sprintf(pool_name, "semaphore_pool-%d", c->chid);
 	sema->pool = c->vm->sema_pool;
 
 	if (c->vm->as_share != NULL) {