hwmon: (ibmpowernv) Use scnprintf() for avoiding potential buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>

authored by

Takashi Iwai and committed by

Guenter Roeck 6 years ago 6a096871 86da28ee

+4 -4

1 changed file

expand all

drivers

hwmon

ibmpowernv.c

+4 -4

drivers/hwmon/ibmpowernv.c

··· 186 186 u32 id; 187 187 size_t n; 188 188 189 - n = snprintf(sdata->label, sizeof(sdata->label), "%s", label); 189 + n = scnprintf(sdata->label, sizeof(sdata->label), "%s", label); 190 190 191 191 /* 192 192 * Core temp pretty print ··· 199 199 * The digital thermal sensors are associated 200 200 * with a core. 201 201 */ 202 - n += snprintf(sdata->label + n, 202 + n += scnprintf(sdata->label + n, 203 203 sizeof(sdata->label) - n, " %d", 204 204 cpuid); 205 205 else 206 - n += snprintf(sdata->label + n, 206 + n += scnprintf(sdata->label + n, 207 207 sizeof(sdata->label) - n, " phy%d", id); 208 208 } 209 209 ··· 211 211 * Membuffer pretty print 212 212 */ 213 213 if (!of_property_read_u32(np, "ibm,chip-id", &id)) 214 - n += snprintf(sdata->label + n, sizeof(sdata->label) - n, 214 + n += scnprintf(sdata->label + n, sizeof(sdata->label) - n, 215 215 " %d", id & 0xffff); 216 216 } 217 217