b43: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Cc: b43-dev@lists.infradead.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/broadcom/b43/debugfs.c b/drivers/net/wireless/broadcom/b43/debugfs.c
index 1325727a74ed4fc7aec1098cc0e43996042db568..dc1819ca52ac76c34f39a0452e0d62cc3e1fdb25 100644 (file)
--- a/drivers/net/wireless/broadcom/b43/debugfs.c
+++ b/drivers/net/wireless/broadcom/b43/debugfs.c
@@ -51,7 +51,7 @@ struct b43_dfs_file *fops_to_dfs_file(struct b43_wldev *dev,
 #define fappend(fmt, x...)     \
        do {                                                    \
                if (bufsize - count)                            \
-                       count += snprintf(buf + count,          \
+                       count += scnprintf(buf + count,         \
                                          bufsize - count,      \
                                          fmt , ##x);           \
                else                                            \