sbi_platform_get_features_str() uses sbi_snprintf() to construct the
features_str. However, it passes the wrong length value (i.e., the nfstr),
which should be (nfstr-offset) as the starting point of str (i.e.,
features_str + offset) changes.

This commit also checks the return value of snprintf, and handles the
corner case that the string buffer is full.

Signed-off-by: Dong Du <Dd_nirvana@sjtu.edu.cn>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
if (features & feat) {
temp = sbi_platform_feature_id2string(feat);
if (temp) {
- sbi_snprintf(features_str + offset, nfstr,
- "%s,", temp);
- offset = offset + sbi_strlen(temp) + 1;
+ int len = sbi_snprintf(features_str + offset,
+ nfstr - offset,
+ "%s,", temp);
+ if (len < 0)
+ break;
+
+ if (offset + len >= nfstr) {
+ /* No more space for features */
+ offset = nfstr;
+ break;
+ } else
+ offset = offset + len;
}
}
feat = feat << 1;
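Review bot: In the `offset + len >= nfstr` branch, `offset = nfstr` leaves offset one past the last valid index of features_str, and the feature name that sbi_snprintf() has just truncated stays in the buffer, so the output can end in a cut-off name. Consider keeping the previous offset and writing a terminator there (`features_str[offset] = '\0';`) before the break, or add a comment stating what the code after the loop expects offset to be in the full case, since that code is not visible in this hunk. The check also depends on sbi_snprintf() returning the length that would have been written rather than the number of bytes actually stored; a short comment saying so would make the `>=` comparison easier to audit. As a style point, the `} else` is unbraced while the `if` arm is braced, and because the `if` arm ends in `break` the `else` can be dropped and `offset = offset + len;` left as the fall-through statement.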