From 9bd86dd6b8cc4391695d0a0fbf40396b86a41c26 Mon Sep 17 00:00:00 2001 From: jeff-lien-sndk Date: Tue, 10 Mar 2026 10:57:46 -0500 Subject: [PATCH] sndk: avoid buffer overflow when reading file name Limit the size of a file name string to the declared size. Signed-off-by: jeff-lien-sndk --- plugins/sandisk/sandisk-nvme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sandisk/sandisk-nvme.c b/plugins/sandisk/sandisk-nvme.c index 6b910e8304..5cfb8eae80 100644 --- a/plugins/sandisk/sandisk-nvme.c +++ b/plugins/sandisk/sandisk-nvme.c @@ -476,7 +476,7 @@ static int sndk_vs_internal_fw_log(int argc, char **argv, timeInfo.second); snprintf(fileSuffix, PATH_MAX, "_internal_fw_log_%s", (char *)timeStamp); - ret = sndk_get_serial_name(hdl, f, PATH_MAX, fileSuffix); + ret = sndk_get_serial_name(hdl, f, PATH_MAX-5, fileSuffix); if (ret) { fprintf(stderr, "ERROR: SNDK: failed to generate file name\n"); goto out;