HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Wed, 11 Mar 2020 07:37:19 +0000 (08:37 +0100)
committerJiri Kosina <jkosina@suse.cz>
Wed, 11 Mar 2020 10:58:58 +0000 (11:58 +0100)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
drivers/hid/hid-picolcd_fb.c

index e162a66..37ba05e 100644 (file)
@@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev,
                if (ret >= PAGE_SIZE)
                        break;
                else if (i == fb_update_rate)
                if (ret >= PAGE_SIZE)
                        break;
                else if (i == fb_update_rate)
-                       ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
+                       ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
                else
                else
-                       ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
+                       ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
        if (ret > 0)
                buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';
        return ret;
        if (ret > 0)
                buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';
        return ret;