projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f3d9f3)
efi/cper: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Thu, 9 Apr 2020 13:04:26 +0000 (15:04 +0200)
committerIngo Molnar <mingo@kernel.org>
Tue, 14 Apr 2020 06:32:11 +0000 (08:32 +0200)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200311072145.5001-1-tiwai@suse.de
Link: https://lore.kernel.org/r/20200409130434.6736-2-ardb@kernel.org
drivers/firmware/efi/cper.c patch | blob | history

diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index b1af0de2e10080ef8080183d0797436217520b28..9d2512913d2587361b576893897969d73e24d029 100644 (file)
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -101,7 +101,7 @@ void cper_print_bits(const char *pfx, unsigned int bits,
                if (!len)
                        len = snprintf(buf, sizeof(buf), "%s%s", pfx, str);
                else
-                       len += snprintf(buf+len, sizeof(buf)-len, ", %s", str);
+                       len += scnprintf(buf+len, sizeof(buf)-len, ", %s", str);
        }
        if (len)
                printk("%s\n", buf);
ep93xx device tree rework repo: git://git.maquefel.me/linux.git