projects
/
platform
/
kernel
/
linux-rpi.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
42f21e5
)
video: uvesafb: Use scnprintf() for avoiding potential buffer overflow
author
Takashi Iwai
<tiwai@suse.de>
Wed, 11 Mar 2020 09:32:30 +0000
(10:32 +0100)
committer
Bartlomiej Zolnierkiewicz
<b.zolnierkie@samsung.com>
Fri, 20 Mar 2020 13:29:06 +0000
(14:29 +0100)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link:
https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-4-tiwai@suse.de
drivers/video/fbdev/uvesafb.c
patch
|
blob
|
history
diff --git
a/drivers/video/fbdev/uvesafb.c
b/drivers/video/fbdev/uvesafb.c
index
53d08d1
..
1b385cf
100644
(file)
--- a/
drivers/video/fbdev/uvesafb.c
+++ b/
drivers/video/fbdev/uvesafb.c
@@
-1560,7
+1560,7
@@
static ssize_t uvesafb_show_vbe_modes(struct device *dev,
int ret = 0, i;
for (i = 0; i < par->vbe_modes_cnt && ret < PAGE_SIZE; i++) {
- ret += snprintf(buf + ret, PAGE_SIZE - ret,
+ ret += s
c
nprintf(buf + ret, PAGE_SIZE - ret,
"%dx%d-%d, 0x%.4x\n",
par->vbe_modes[i].x_res, par->vbe_modes[i].y_res,
par->vbe_modes[i].depth, par->vbe_modes[i].mode_id);