diff options
author | Takashi Iwai <tiwai@suse.de> | 2020-03-11 12:32:29 +0300 |
---|---|---|
committer | Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> | 2020-03-20 16:29:05 +0300 |
commit | 42f21e5452a24d205dcc029be4075b8be07f2ac0 (patch) | |
tree | 74437326b2c3f093aada2c356515280738a9c0ec /drivers/video/fbdev/omap2 | |
parent | bf1b615ad97e6ce915b0f510c031803da71b02b8 (diff) | |
download | linux-42f21e5452a24d205dcc029be4075b8be07f2ac0.tar.xz |
video: omap2: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-3-tiwai@suse.de
Diffstat (limited to 'drivers/video/fbdev/omap2')
-rw-r--r-- | drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c b/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c index 4a5db170ef59..2d39dbfa742e 100644 --- a/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c +++ b/drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c @@ -147,11 +147,11 @@ static ssize_t show_overlays(struct device *dev, if (ovl == fbdev->overlays[ovlnum]) break; - l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", + l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d", t == 0 ? "" : ",", ovlnum); } - l += snprintf(buf + l, PAGE_SIZE - l, "\n"); + l += scnprintf(buf + l, PAGE_SIZE - l, "\n"); omapfb_unlock(fbdev); unlock_fb_info(fbi); @@ -328,11 +328,11 @@ static ssize_t show_overlays_rotate(struct device *dev, lock_fb_info(fbi); for (t = 0; t < ofbi->num_overlays; t++) { - l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", + l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d", t == 0 ? "" : ",", ofbi->rotation[t]); } - l += snprintf(buf + l, PAGE_SIZE - l, "\n"); + l += scnprintf(buf + l, PAGE_SIZE - l, "\n"); unlock_fb_info(fbi); |