iio: iio_enum_available_read: Prevent possible buffer overflow

Use scnprint instead of snprintf, because snprintf returns the number of bytes that would have been written to the buffer if there was enough space, and as a result writing to buf[len-1] might cause a access beyond the buffers limits. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

iio: iio_enum_available_read: Prevent possible buffer overflow
Use scnprint instead of snprintf, because snprintf returns the number of bytes that would have been written to the buffer if there was enough space, and as a result writing to buf[len-1] might cause a access beyond the buffers limits. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
74dcd439 · Lars-Peter Clausen · Greg Kroah-Hartman · a21e6bfe · 74dcd439
Commit 74dcd439 authored Jun 05, 2012 by Lars-Peter Clausen Committed by Greg Kroah-Hartman Jun 07, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/iio/industrialio-core.c drivers/iio/industrialio-core.c +1 -1

No files found.
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev,
 		return 0;

 	for (i = 0; i < e->num_items; ++i)
-		len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
+		len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);

 	/* replace last space with a newline */
 	buf[len - 1] = '\n';