HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Wed, 11 Mar 2020 07:38:24 +0000 (08:38 +0100)
committerJiri Kosina <jkosina@suse.cz>
Wed, 11 Mar 2020 10:58:58 +0000 (11:58 +0100)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may write beyond the given
buffer limit.  Fix it by replacing snprintf() with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
drivers/hid/hid-sensor-custom.c

index fb827c295842f0e4ebe9e81974c513bef9c6638e..4d25577a8573fe2edc2edc145748f454fd21d090 100644 (file)
@@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
 
                        while (i < ret) {
                                if (i + attribute->size > ret) {
-                                       len += snprintf(&buf[len],
+                                       len += scnprintf(&buf[len],
                                                        PAGE_SIZE - len,
                                                        "%d ", values[i]);
                                        break;
@@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
                                        ++i;
                                        break;
                                }
-                               len += snprintf(&buf[len], PAGE_SIZE - len,
+                               len += scnprintf(&buf[len], PAGE_SIZE - len,
                                                "%lld ", value);
                        }
-                       len += snprintf(&buf[len], PAGE_SIZE - len, "\n");
+                       len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");
 
                        return len;
                } else if (input)
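Review bot: The loop in this hunk keeps iterating after `buf` is full, and the final `"\n"` write can then be clamped to zero bytes, so a reader gets a truncated list with no terminating newline and no sign that values were dropped. scnprintf() caps `len` at `PAGE_SIZE - 1`, which removes the overrun, but nothing stops the work or reports the truncation; a guard such as `if (len >= PAGE_SIZE - 1) break;` after the `"%lld "` write would end the loop early. The same silent clamp applies to the `"%d "` tail write in the first hunk. If the number of values comes from the sensor's report (not visible here), that count is device-supplied input and worth bounding before formatting. show_value() starts and ends outside the hunk.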