projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42f21e5)
video: uvesafb: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Wed, 11 Mar 2020 09:32:30 +0000 (10:32 +0100)
committerBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Fri, 20 Mar 2020 13:29:06 +0000 (14:29 +0100)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-4-tiwai@suse.de
drivers/video/fbdev/uvesafb.c patch | blob | history

diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c
index 53d08d1..1b385cf 100644 (file)
--- a/drivers/video/fbdev/uvesafb.c
+++ b/drivers/video/fbdev/uvesafb.c
@@ -1560,7 +1560,7 @@ static ssize_t uvesafb_show_vbe_modes(struct device *dev,
        int ret = 0, i;
 
        for (i = 0; i < par->vbe_modes_cnt && ret < PAGE_SIZE; i++) {
-               ret += snprintf(buf + ret, PAGE_SIZE - ret,
+               ret += scnprintf(buf + ret, PAGE_SIZE - ret,
                        "%dx%d-%d, 0x%.4x\n",
                        par->vbe_modes[i].x_res, par->vbe_modes[i].y_res,
                        par->vbe_modes[i].depth, par->vbe_modes[i].mode_id);
Domain: System / Kernel;