From d40125fa02cf2f6f23458ac8d2eb9330e7e2edda Mon Sep 17 00:00:00 2001
From: Daniel Wagner <wagi@kernel.org>
Date: Fri, 7 Feb 2025 15:52:41 +0100
Subject: [PATCH] plugins/ocp: fix telemetry parser buffer overflow

The fixed 256-byte description_str will overflow for any reasonably
sized data_size >= 128.

Max data_size is for OCP VU Event Data is 0xFF Dwords, so the buffer
should be at least 1020 bytes + 1 for null. 1024 seems like a nice
number for OCP.

Reported-by: Nate Thornton <n.thornton@samsung.com>
Signed-off-by: Daniel Wagner <wagi@kernel.org>
---
 util/utils.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/util/utils.c b/util/utils.c
index 5d776522fb..ea30a4b74f 100644
--- a/util/utils.c
+++ b/util/utils.c
@@ -138,7 +138,7 @@ unsigned char *read_binary_file(char *data_dir_path, const char *bin_path,
 
 void print_formatted_var_size_str(const char *msg, const __u8 *pdata, size_t data_size, FILE *fp)
 {
-	char description_str[256] = "";
+	char description_str[1024] = "";
 	char temp_buffer[3] = { 0 };
 
 	for (size_t i = 0; i < data_size; ++i) {
@@ -146,10 +146,10 @@ void print_formatted_var_size_str(const char *msg, const __u8 *pdata, size_t dat
 		strcat(description_str, temp_buffer);
 	}
 
-	if (fp)
-		fprintf(fp, "%s: %s\n", msg, description_str);
-	else
-		printf("%s: %s\n", msg, description_str);
+	if (!fp)
+		fp = stdout;
+
+	fprintf(fp, "%s: %s\n", msg, description_str);
 }
 
 void process_field_size_16(int offset, char *sfield, __u8 *buf, char *datastr)