From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 11 Mar 2020 08:47:09 +0000 (+0100)
Subject: carl9170: Use scnprintf() for avoiding potential buffer overflow
X-Git-Tag: v5.7-rc1~146^2~86^2~32
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=5cb5b4759cf6febe49bf23b7a0f362ac37e21b01;p=tomoyo%2Ftomoyo-test1.git

carl9170: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Cc: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---

diff --git a/drivers/net/wireless/ath/carl9170/debug.c b/drivers/net/wireless/ath/carl9170/debug.c
index a9b6dc17e408..19009aafc4e1 100644
--- a/drivers/net/wireless/ath/carl9170/debug.c
+++ b/drivers/net/wireless/ath/carl9170/debug.c
@@ -45,7 +45,7 @@
 #include "cmd.h"
 
 #define ADD(buf, off, max, fmt, args...)				\
-	off += snprintf(&buf[off], max - off, fmt, ##args);
+	off += scnprintf(&buf[off], max - off, fmt, ##args);
 
 
 struct carl9170_debugfs_fops {