From 42f21e5452a24d205dcc029be4075b8be07f2ac0 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Wed, 11 Mar 2020 10:32:29 +0100 Subject: [PATCH] video: omap2: Use scnprintf() for avoiding potential buffer overflow Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai Signed-off-by: Bartlomiej Zolnierkiewicz Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-3-tiwai@suse.de --- drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c b/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c index 4a5db170ef59..2d39dbfa742e 100644 --- a/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c +++ b/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c @@ -147,11 +147,11 @@ static ssize_t show_overlays(struct device *dev, if (ovl == fbdev->overlays[ovlnum]) break; - l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", + l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d", t == 0 ? "" : ",", ovlnum); } - l += snprintf(buf + l, PAGE_SIZE - l, "\n"); + l += scnprintf(buf + l, PAGE_SIZE - l, "\n"); omapfb_unlock(fbdev); unlock_fb_info(fbi); @@ -328,11 +328,11 @@ static ssize_t show_overlays_rotate(struct device *dev, lock_fb_info(fbi); for (t = 0; t < ofbi->num_overlays; t++) { - l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", + l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d", t == 0 ? "" : ",", ofbi->rotation[t]); } - l += snprintf(buf + l, PAGE_SIZE - l, "\n"); + l += scnprintf(buf + l, PAGE_SIZE - l, "\n"); unlock_fb_info(fbi); -- 2.11.0