b43legacy: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Wed, 11 Mar 2020 08:47:11 +0000 (09:47 +0100)
committerKalle Valo <kvalo@codeaurora.org>
Thu, 12 Mar 2020 13:43:39 +0000 (15:43 +0200)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: b43-dev@lists.infradead.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/broadcom/b43legacy/debugfs.c

index 082aab8353b813640dcb10bf56c8500f104ad57e..fa133dfb2ecbf5eba9a444f19ecb34a62e193ee9 100644 (file)
@@ -54,7 +54,7 @@ struct b43legacy_dfs_file * fops_to_dfs_file(struct b43legacy_wldev *dev,
 #define fappend(fmt, x...)     \
        do {                                                    \
                if (bufsize - count)                            \
-                       count += snprintf(buf + count,          \
+                       count += scnprintf(buf + count,         \
                                          bufsize - count,      \
                                          fmt , ##x);           \
                else                                            \