Skip to content

L
linux
Commit 190c8f72 authored by Takashi Iwai's avatar Takashi Iwai Committed by Greg Kroah-Hartman
Browse files
Options

staging: vc04_services: Use scnprintf() for avoiding potential buffer overflow 

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Reviewed-by: default avatarNicolas Saenz Julienne <nsaenzjulienne@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: bcm-kernel-feedback-list@broadcom.com
Cc: linux-rpi-kernel@lists.infradead.org
Cc: devel@driverdev.osuosl.org
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200319161300.25967-1-tiwai@suse.deSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0432184f
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 3 deletions
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
View file @ 190c8f72
...@@ -2161,17 +2161,17 @@ int vchiq_dump_platform_service_state(void *dump_context, ...@@ -2161,17 +2161,17 @@ int vchiq_dump_platform_service_state(void *dump_context,
char buf[80]; char buf[80];
int len; int len;
len = snprintf(buf, sizeof(buf), " instance %pK", service->instance); len = scnprintf(buf, sizeof(buf), " instance %pK", service->instance);
if ((service->base.callback == service_callback) && if ((service->base.callback == service_callback) &&
user_service->is_vchi) { user_service->is_vchi) {
len += snprintf(buf + len, sizeof(buf) - len, len += scnprintf(buf + len, sizeof(buf) - len,
", %d/%d messages", ", %d/%d messages",
user_service->msg_insert - user_service->msg_remove, user_service->msg_insert - user_service->msg_remove,
MSG_QUEUE_SIZE); MSG_QUEUE_SIZE);
if (user_service->dequeue_pending) if (user_service->dequeue_pending)
len += snprintf(buf + len, sizeof(buf) - len, len += scnprintf(buf + len, sizeof(buf) - len,
" (dequeue pending)"); " (dequeue pending)");
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7