projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2605fbd)
scsi: gdth: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Sun, 15 Mar 2020 09:42:37 +0000 (10:42 +0100)
committerMartin K. Petersen <martin.petersen@oracle.com>
Tue, 17 Mar 2020 17:36:10 +0000 (13:36 -0400)
Since snprintf() returns the would-be-output size instead of the actual
output size, the succeeding calls may go beyond the given buffer limit.
Fix it by replacing with scnprintf().

[mkp: checkpatch fix]

Link: https://lore.kernel.org/r/20200315094241.9086-5-tiwai@suse.de
Cc: "James E . J . Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K . Petersen" <martin.petersen@oracle.com>
Cc: Achim Leubner <achim_leubner@adaptec.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/gdth_proc.c patch | blob | history

diff --git a/drivers/scsi/gdth_proc.c b/drivers/scsi/gdth_proc.c
index 381d849726ac280497a92b552a7289a50ad08733..c764312f9ba053fde54d45f517d1cbdf0968f320 100644 (file)
--- a/drivers/scsi/gdth_proc.c
+++ b/drivers/scsi/gdth_proc.c
@@ -193,7 +193,7 @@ int gdth_show_info(struct seq_file *m, struct Scsi_Host *host)
         for (i = 1;  i < MAX_RES_ARGS; i++) {
             if (reserve_list[i] == 0xff) 
                 break;
-            hlen += snprintf(hrec + hlen , 161 - hlen, ",%d", reserve_list[i]);
+           hlen += scnprintf(hrec + hlen, 161 - hlen, ",%d", reserve_list[i]);
         }
     }
     seq_printf(m,
ep93xx device tree rework repo: git://git.maquefel.me/linux.git