Message ID | 20200311070958.3791-1-tiwai@suse.de (mailing list archive) |
---|---|
State | Mainlined, archived |
Headers | show |
Series | PCI/ACPI: Use scnprintf() for avoiding potential buffer overflow | expand |
On Wednesday, March 11, 2020 8:09:58 AM CET Takashi Iwai wrote: > Since snprintf() returns the would-be-output size instead of the > actual output size, the succeeding calls may go beyond the given > buffer limit. Fix it by replacing with scnprintf(). > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > --- > drivers/acpi/pci_root.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c > index d1e666ef3fcc..f92df2533e7e 100644 > --- a/drivers/acpi/pci_root.c > +++ b/drivers/acpi/pci_root.c > @@ -153,7 +153,7 @@ static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word, > buf[0] = '\0'; > for (i = 0, entry = table; i < size; i++, entry++) > if (word & entry->bit) > - len += snprintf(buf + len, sizeof(buf) - len, "%s%s", > + len += scnprintf(buf + len, sizeof(buf) - len, "%s%s", > len ? " " : "", entry->desc); > > dev_info(&root->device->dev, "_OSC: %s [%s]\n", msg, buf); > Applied as 5.7 material, thanks!
diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c index d1e666ef3fcc..f92df2533e7e 100644 --- a/drivers/acpi/pci_root.c +++ b/drivers/acpi/pci_root.c @@ -153,7 +153,7 @@ static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word, buf[0] = '\0'; for (i = 0, entry = table; i < size; i++, entry++) if (word & entry->bit) - len += snprintf(buf + len, sizeof(buf) - len, "%s%s", + len += scnprintf(buf + len, sizeof(buf) - len, "%s%s", len ? " " : "", entry->desc); dev_info(&root->device->dev, "_OSC: %s [%s]\n", msg, buf);
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/acpi/pci_root.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)