[PATCH] iio: iio_enum_available_read: Prevent possible buffer overflow

linux-iio.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] iio: iio_enum_available_read: Prevent possible buffer overflow
@ 2012-06-05 16:24 Lars-Peter Clausen
  2012-06-06  8:34 ` Jonathan Cameron
  0 siblings, 1 reply; 2+ messages in thread
From: Lars-Peter Clausen @ 2012-06-05 16:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: Jonathan Cameron, devel, linux-iio, Lars-Peter Clausen

Use scnprint instead of snprintf, because snprintf returns the number of bytes
that would have been written to the buffer if there was enough space, and as a
result writing to buf[len-1] might cause a access beyond the buffers limits.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
---
 drivers/iio/industrialio-core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index 56a3c0b..cf9ecd0 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev,
 		return 0;
 
 	for (i = 0; i < e->num_items; ++i)
-		len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
+		len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
 
 	/* replace last space with a newline */
 	buf[len - 1] = '\n';
-- 
1.7.10


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] iio: iio_enum_available_read: Prevent possible buffer overflow
  2012-06-05 16:24 [PATCH] iio: iio_enum_available_read: Prevent possible buffer overflow Lars-Peter Clausen
@ 2012-06-06  8:34 ` Jonathan Cameron
  0 siblings, 0 replies; 2+ messages in thread
From: Jonathan Cameron @ 2012-06-06  8:34 UTC (permalink / raw)
  To: Lars-Peter Clausen; +Cc: Greg Kroah-Hartman, Jonathan Cameron, devel, linux-iio

On 6/5/2012 5:24 PM, Lars-Peter Clausen wrote:
> Use scnprint instead of snprintf, because snprintf returns the number of bytes
> that would have been written to the buffer if there was enough space, and as a
> result writing to buf[len-1] might cause a access beyond the buffers limits.
>
> Reported-by: Dan Carpenter<dan.carpenter@oracle.com>
> Signed-off-by: Lars-Peter Clausen<lars@metafoo.de>
Acked-by: Jonathan Cameron <jic23@kernel.org>
> ---
>   drivers/iio/industrialio-core.c |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
> index 56a3c0b..cf9ecd0 100644
> --- a/drivers/iio/industrialio-core.c
> +++ b/drivers/iio/industrialio-core.c
> @@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev,
>   		return 0;
>
>   	for (i = 0; i<  e->num_items; ++i)
> -		len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
> +		len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
>
>   	/* replace last space with a newline */
>   	buf[len - 1] = '\n';

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-06-06  8:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-05 16:24 [PATCH] iio: iio_enum_available_read: Prevent possible buffer overflow Lars-Peter Clausen
2012-06-06  8:34 ` Jonathan Cameron

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).