diff options
| author |   Takashi Iwai <tiwai@suse.de> | 2020-03-11 08:38:24 +0100 |
|---|---|---|
| committer |   Jiri Kosina <jkosina@suse.cz> | 2020-03-11 11:58:58 +0100 |
| commit | 62a1a58039595698f644f560f00105bb4d5f5c7f (patch) | |
| tree | 5b04a64465ee8f2ce07898bbc81854e6c7adf1cf /drivers | |
| parent | HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow (diff) | |
| download | linux-dev-62a1a58039595698f644f560f00105bb4d5f5c7f.tar.xz linux-dev-62a1a58039595698f644f560f00105bb4d5f5c7f.zip | |
HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/hid/hid-sensor-custom.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c index fb827c295842..4d25577a8573 100644 --- a/drivers/hid/hid-sensor-custom.c +++ b/drivers/hid/hid-sensor-custom.c @@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr, while (i < ret) { if (i + attribute->size > ret) { - len += snprintf(&buf[len], + len += scnprintf(&buf[len], PAGE_SIZE - len, "%d ", values[i]); break; @@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr, ++i; break; } - len += snprintf(&buf[len], PAGE_SIZE - len, + len += scnprintf(&buf[len], PAGE_SIZE - len, "%lld ", value); } - len += snprintf(&buf[len], PAGE_SIZE - len, "\n"); + len += scnprintf(&buf[len], PAGE_SIZE - len, "\n"); return len; } else if (input) |