HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

authored by

Takashi Iwai and committed by

Jiri Kosina 6 years ago 42f502df 4eb1b01d

+2 -2

1 changed file

expand all

drivers

hid

hid-picolcd_fb.c

+2 -2

drivers/hid/hid-picolcd_fb.c

··· 459 459 if (ret >= PAGE_SIZE) 460 460 break; 461 461 else if (i == fb_update_rate) 462 - ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i); 462 + ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i); 463 463 else 464 - ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i); 464 + ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i); 465 465 if (ret > 0) 466 466 buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n'; 467 467 return ret;