misc: mic: Use scnprintf() for avoiding potential buffer overflow

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311074916.8783-1-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Takashi Iwai and committed by

Greg Kroah-Hartman 6 years ago d108b132 f276d3ea

+2 -2

1 changed file

expand all

drivers

misc

mic

host

mic_x100.c

+2 -2

drivers/misc/mic/host/mic_x100.c

··· 350 350 if (!buf) 351 351 return -ENOMEM; 352 352 353 - len += snprintf(buf, CMDLINE_SIZE - len, 353 + len += scnprintf(buf, CMDLINE_SIZE - len, 354 354 " mem=%dM", boot_mem); 355 355 if (mdev->cosm_dev->cmdline) 356 - snprintf(buf + len, CMDLINE_SIZE - len, " %s", 356 + scnprintf(buf + len, CMDLINE_SIZE - len, " %s", 357 357 mdev->cosm_dev->cmdline); 358 358 memcpy_toio(cmd_line_va, buf, strlen(buf) + 1); 359 359 kfree(buf);