printk: Use scnprintf() to print the message about the dropped messages on a console

Use scnprintf() for printing the message about dropped messages on
a console. It returns the really written length of the message.
It prevents potential buffer overflow when the returned length is
later used to copy the buffer content.

Note that the previous code was safe because the scratch buffer was
big enough and the message always fit in. But scnprintf() makes
it more safe, definitely.

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1530570 ("Memory - corruptions")
Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages")
Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook
Reviewed-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20230117161031.15499-1-pmladek@suse.com

diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 55338bfd3b5539e456473740d5448f740cbbd851..a9b7dade0d2ecd87dab1ddc80ca88f641095a621 100644 (file)
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -2716,7 +2716,7 @@ static void console_prepend_dropped(struct printk_message *pmsg, unsigned long d
        char *outbuf = &pbufs->outbuf[0];
        size_t len;
 
-       len = snprintf(scratchbuf, scratchbuf_sz,
+       len = scnprintf(scratchbuf, scratchbuf_sz,
                       "** %lu printk messages dropped **\n", dropped);
 
        /*