IB/hfi1: Use scnprintf() for avoiding potential buffer overflow
author Takashi Iwai <tiwai@suse.de>
Thu, 19 Mar 2020 15:46:41 +0000 (16:46 +0100)
committer Jason Gunthorpe <jgg@mellanox.com>
Thu, 26 Mar 2020 18:06:14 +0000 (15:06 -0300)
Since snprintf() returns the would-be-output size instead of the actual
output size, the succeeding calls may go beyond the given buffer limit.
Fix it by replacing with scnprintf().

Link: https://lore.kernel.org/r/20200319154641.23711-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
drivers/infiniband/hw/hfi1/fault.c

index 986c12153e62ecbe03e99a421355188fbf08c47f..0dfbcfb048ca9d8987bc0a9f42c133e10c0587f8 100644 (file)
@@ -222,11 +222,11 @@ static ssize_t fault_opcodes_read(struct file *file, char __user *buf,
        while (bit < bitsize) {
                zero = find_next_zero_bit(fault->opcodes, bitsize, bit);
                if (zero - 1 != bit)
-                       size += snprintf(data + size,
+                       size += scnprintf(data + size,
                                         datalen - size - 1,
                                         "0x%lx-0x%lx,", bit, zero - 1);
                else
-                       size += snprintf(data + size,
+                       size += scnprintf(data + size,
                                         datalen - size - 1, "0x%lx,",
                                         bit);
                bit = find_next_bit(fault->opcodes, bitsize, zero);
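Review bot: Both scnprintf() calls in the while loop still pass `datalen - size - 1` as the size, but scnprintf() already counts the terminating NUL inside the size it is given and returns only the characters actually written, so the extra `- 1` costs one usable byte unless it is reserved for something appended after the loop, which this hunk does not show. If nothing needs that byte, pass `datalen - size`. Separately, with the truncating variant the last entry can now be cut mid-token (for example a range that ends after "0x"), and the loop keeps walking to bitsize while each further call writes nothing; consider breaking out once the remaining space is exhausted so the reader gets whole entries and the loop stops early.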