[PATCH] HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow

Linux Input/HID development
 help / color / mirror / Atom feed

* [PATCH] HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
@ 2020-03-11  7:37 Takashi Iwai
  2020-03-11 11:00 ` Jiri Kosina
  0 siblings, 1 reply; 2+ messages in thread
From: Takashi Iwai @ 2020-03-11  7:37 UTC (permalink / raw)
  To: Bruno Prémont; +Cc: Jiri Kosina, Benjamin Tissoires, linux-input

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 drivers/hid/hid-picolcd_fb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/hid/hid-picolcd_fb.c b/drivers/hid/hid-picolcd_fb.c
index a549c42e8c90..33c102a60992 100644
--- a/drivers/hid/hid-picolcd_fb.c
+++ b/drivers/hid/hid-picolcd_fb.c
@@ -458,9 +458,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev,
 		if (ret >= PAGE_SIZE)
 			break;
 		else if (i == fb_update_rate)
-			ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
+			ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
 		else
-			ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
+			ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
 	if (ret > 0)
 		buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';
 	return ret;
-- 
2.16.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
  2020-03-11  7:37 [PATCH] HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
@ 2020-03-11 11:00 ` Jiri Kosina
  0 siblings, 0 replies; 2+ messages in thread
From: Jiri Kosina @ 2020-03-11 11:00 UTC (permalink / raw)
  To: Takashi Iwai; +Cc: Bruno Prémont, Benjamin Tissoires, linux-input

On Wed, 11 Mar 2020, Takashi Iwai wrote:

> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().
> 
> Signed-off-by: Takashi Iwai <tiwai@suse.de>

Applied to for-5.6/upstream-fixes. Thanks,

-- 
Jiri Kosina
SUSE Labs


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-03-11 11:00 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-11  7:37 [PATCH] HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-11 11:00 ` Jiri Kosina

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox