projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1da740e)
ssb: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Wed, 11 Mar 2020 09:17:39 +0000 (10:17 +0100)
committerKalle Valo <kvalo@codeaurora.org>
Thu, 12 Mar 2020 13:44:12 +0000 (15:44 +0200)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/ssb/sprom.c patch | blob | history

diff --git a/drivers/ssb/sprom.c b/drivers/ssb/sprom.c
index 4f028a8..52d2e0f 100644 (file)
--- a/drivers/ssb/sprom.c
+++ b/drivers/ssb/sprom.c
@@ -26,9 +26,9 @@ static int sprom2hex(const u16 *sprom, char *buf, size_t buf_len,
        int i, pos = 0;
 
        for (i = 0; i < sprom_size_words; i++)
-               pos += snprintf(buf + pos, buf_len - pos - 1,
+               pos += scnprintf(buf + pos, buf_len - pos - 1,
                                "%04X", swab16(sprom[i]) & 0xFFFF);
-       pos += snprintf(buf + pos, buf_len - pos - 1, "\n");
+       pos += scnprintf(buf + pos, buf_len - pos - 1, "\n");
 
        return pos + 1;
 }
Domain: System / Kernel;