superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow 

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
pull/774/merge
Takashi Iwai 2020-03-11 08:38:24 +01:00 committed by Jiri Kosina
parent 42f502dfe1
commit 62a1a58039
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/hid/hid-sensor-custom.c
View File

@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
while (i < ret) { while (i < ret) {
if (i + attribute->size > ret) { if (i + attribute->size > ret) {
len += snprintf(&buf[len], len += scnprintf(&buf[len],
PAGE_SIZE - len, PAGE_SIZE - len,
"%d ", values[i]); "%d ", values[i]);
break; break;
@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
++i; ++i;
break; break;
} }
len += snprintf(&buf[len], PAGE_SIZE - len, len += scnprintf(&buf[len], PAGE_SIZE - len,
"%lld ", value); "%lld ", value);
} }
len += snprintf(&buf[len], PAGE_SIZE - len, "\n"); len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");
return len; return len;
} else if (input) } else if (input)