edd: Use scnprintf() for avoiding potential buffer overflow
authorTakashi Iwai <tiwai@suse.de>
Fri, 20 Mar 2020 08:44:29 +0000 (09:44 +0100)
committerTakashi Iwai <tiwai@suse.de>
Thu, 2 Apr 2020 18:42:29 +0000 (20:42 +0200)
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Link: https://lore.kernel.org/r/20200320084429.1803-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
drivers/firmware/edd.c

index 29906e39ab4b1855f84d1f2fa6c25fccf3729432..14d0970a7198c531f78e64e5b3c76f09c4aa9996 100644 (file)
@@ -341,7 +341,7 @@ edd_show_legacy_max_cylinder(struct edd_device *edev, char *buf)
        if (!info || !buf)
                return -EINVAL;
 
-       p += snprintf(p, left, "%u\n", info->legacy_max_cylinder);
+       p += scnprintf(p, left, "%u\n", info->legacy_max_cylinder);
        return (p - buf);
 }
 
@@ -356,7 +356,7 @@ edd_show_legacy_max_head(struct edd_device *edev, char *buf)
        if (!info || !buf)
                return -EINVAL;
 
-       p += snprintf(p, left, "%u\n", info->legacy_max_head);
+       p += scnprintf(p, left, "%u\n", info->legacy_max_head);
        return (p - buf);
 }
 
@@ -371,7 +371,7 @@ edd_show_legacy_sectors_per_track(struct edd_device *edev, char *buf)
        if (!info || !buf)
                return -EINVAL;
 
-       p += snprintf(p, left, "%u\n", info->legacy_sectors_per_track);
+       p += scnprintf(p, left, "%u\n", info->legacy_sectors_per_track);
        return (p - buf);
 }