bcache: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index 3470fae4eabc1bfd268064d4902ac5e4ee4f13ed..323276994aab728894258f1ececed30bd85a33a3 100644 (file)
--- a/drivers/md/bcache/sysfs.c
+++ b/drivers/md/bcache/sysfs.c
@@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
        size_t i;
 
        for (i = 0; list[i]; i++)
-               out += snprintf(out, buf + size - out,
+               out += scnprintf(out, buf + size - out,
                                i == selected ? "[%s] " : "%s ", list[i]);
 
        out[-1] = '\n';