media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()

Ideally, strlen(cur->string.pointer) and strlen(out) would be the same.
But this code is using strscpy() to avoid a potential buffer overflow.
So in the same way we should take the strlen() of the smaller string to
avoid a buffer overflow in the caller, gmin_get_var_int().

Link: https://lore.kernel.org/r/26124bcd-8132-4483-9d67-225c87d424e8@kili.mountain
Fixes: 387041cda44e ("media: atomisp: improve sensor detection code to use _DSM table")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>

diff --git a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
index bc2dd96..93bfb3f 100644 (file)
--- a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
@@ -1359,7 +1359,7 @@ static int gmin_get_config_dsm_var(struct device *dev,
        dev_info(dev, "found _DSM entry for '%s': %s\n", var,
                 cur->string.pointer);
        strscpy(out, cur->string.pointer, *out_len);
-       *out_len = strlen(cur->string.pointer);
+       *out_len = strlen(out);
 
        ACPI_FREE(obj);
        return 0;