From dbdd24eaac4ecc482e2d433175c0e82b9f107bef Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 20 Mar 2020 09:44:29 +0100 Subject: [PATCH] edd: Use scnprintf() for avoiding potential buffer overflow Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Link: https://lore.kernel.org/r/20200320084429.1803-1-tiwai@suse.de Signed-off-by: Takashi Iwai --- drivers/firmware/edd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/edd.c b/drivers/firmware/edd.c index 29906e3..14d0970 100644 --- a/drivers/firmware/edd.c +++ b/drivers/firmware/edd.c @@ -341,7 +341,7 @@ edd_show_legacy_max_cylinder(struct edd_device *edev, char *buf) if (!info || !buf) return -EINVAL; - p += snprintf(p, left, "%u\n", info->legacy_max_cylinder); + p += scnprintf(p, left, "%u\n", info->legacy_max_cylinder); return (p - buf); } @@ -356,7 +356,7 @@ edd_show_legacy_max_head(struct edd_device *edev, char *buf) if (!info || !buf) return -EINVAL; - p += snprintf(p, left, "%u\n", info->legacy_max_head); + p += scnprintf(p, left, "%u\n", info->legacy_max_head); return (p - buf); } @@ -371,7 +371,7 @@ edd_show_legacy_sectors_per_track(struct edd_device *edev, char *buf) if (!info || !buf) return -EINVAL; - p += snprintf(p, left, "%u\n", info->legacy_sectors_per_track); + p += scnprintf(p, left, "%u\n", info->legacy_sectors_per_track); return (p - buf); } -- 2.7.4