* [PATCH] ssb: Use scnprintf() for avoiding potential buffer overflow
@ 2020-03-11 9:17 Takashi Iwai
2020-03-12 13:44 ` Kalle Valo
0 siblings, 1 reply; 2+ messages in thread
From: Takashi Iwai @ 2020-03-11 9:17 UTC (permalink / raw)
To: Michael Buesch; +Cc: linux-wireless
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
drivers/ssb/sprom.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ssb/sprom.c b/drivers/ssb/sprom.c
index 4f028a80d6c4..52d2e0f33be7 100644
--- a/drivers/ssb/sprom.c
+++ b/drivers/ssb/sprom.c
@@ -26,9 +26,9 @@ static int sprom2hex(const u16 *sprom, char *buf, size_t buf_len,
int i, pos = 0;
for (i = 0; i < sprom_size_words; i++)
- pos += snprintf(buf + pos, buf_len - pos - 1,
+ pos += scnprintf(buf + pos, buf_len - pos - 1,
"%04X", swab16(sprom[i]) & 0xFFFF);
- pos += snprintf(buf + pos, buf_len - pos - 1, "\n");
+ pos += scnprintf(buf + pos, buf_len - pos - 1, "\n");
return pos + 1;
}
--
2.16.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-12 13:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-11 9:17 [PATCH] ssb: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-12 13:44 ` Kalle Valo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.